Department of Agriculture Department of Aging Finding 2025 – 013: ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2024-014) Federal Grant Number(s) and Year(s): 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 241PA445Q2204 (10/01/2023 – 9/30/2024), 251PA825Y8105 (10/01/2024 – 9/30/2025), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PASTPH (1/01/2022 – 9/30/2025), 2301PAOACM (10/01/2022 – 9/30/2025), 2301PAOAHD (10/01/2022 – 9/30/2025), 2301PAOASS (10/01/2022 – 9/30/2025), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2501PAOACM (10/01/2024 – 9/30/2026), 2501PAOAHD (10/01/2024 – 9/30/2026), 2501PAOANS (10/01/2024 – 9/30/2026), 2501PAOASS (10/01/2024 – 9/30/2026) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2025. Our testing disclosed that the Pennsylvania Department of Agriculture (PDA) did not identify the federal award information in subrecipient award documents. Additionally, PDA, and the Pennsylvania Department of Aging (PDOA) did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE Finding 2025 – 013: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (b) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the information provided below. A pass-through entity must provide the best available information when some of the information below is unavailable. A pass-through entity must provide the unavailable information when it is obtained. Required information includes: (1) Federal award identification. (iii) Federal Award Identification Number (FAIN); (6) Appropriate terms and conditions concerning closeout of the subaward. (c) Evaluate each subrecipient's fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraph (f) of this section. When evaluating a subrecipient's risk, a pass-through entity should consider the following: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits. This includes considering whether or not the subrecipient receives a Single Audit in accordance with subpart F and the extent to which the same or similar subawards have been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of any Federal agency monitoring (for example, if the subrecipient also receives Federal awards directly from the Federal agency). Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, PDA’s (Commodity Supplemental Food Program) processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA and PDOA were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2025 – 013: (continued) Recommendation: PDA should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, PDA should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA and PDOA should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. PDA Response: PDA agrees with this finding. PDOA Response: PDOA agrees with this finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2025 – 014: ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 66.458 – Clean Water State Revolving Fund ALN 84.425C – COVID-19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID-19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID-19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2024-015) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 241PA445Q2204 (10/01/2023 – 9/30/2024), 238PA000I1003 (5/25/2023 – 6/30/2025), 251PA825Y8105 (10/01/2024 – 9/30/2025), 42000124-0-CS (7/01/2024 – 9/30/2026), 95324301-0-4C (7/01/2023 – 6/30/2023), 95325401-0-4X (7/01/2023 – 6/30/2030), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PASTPH (1/01/2022 – 9/30/2025), 2301PAOACM (10/01/2022 – 9/30/2025), 2301PAOAHD (10/01/2022 – 9/30/2025), 2301PAOASS (10/01/2022 – 9/30/2025), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2501PAOASS (10/01/2024 – 9/30/2026), 2501PAOACM (10/01/2024 – 9/30/2026), 2501PAOAHD (10/01/2024 – 9/30/2026), 2501PAOANS (10/01/2024 – 9/30/2026) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2025 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2024 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2025. We also evaluated the Commonwealth’s review of 47 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2025 and required management decisions by Commonwealth agencies. Finding 2025 – 014: (continued) Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have adequate procedures in place for tracking and making management decisions on findings timely. The time period for making management decisions on findings was approximately 13.4 months to over 19 months after the FAC acceptance date for four out of four audit reports with findings. For the four items selected for testing, PDOA had not completed SEFA reconciliations or performed alternative procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): The time period for making a management decision on findings was approximately eight months to over 15 months after the FAC acceptance date for four out of six audit reports with findings. There were also delays in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. In addition, our testing disclosed that PDA subgranted federal funds of approximately $8.9 million to one subrecipient during fiscal year ended June 30, 2024, for which the Single Audit was not submitted to the FAC as of our February 2026 testing date. This was over 10 months after the March 31, 2025 due date. • Department of Education (PDE): The time period for making a management decision on findings was approximately 6.9 months to over 12 months after the FAC acceptance date for nine out of 30 audit reports with findings selected for testing. Three of the 30 audits reports were improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Pennsylvania Infrastructure Investment Authority (PENNVEST): The time period for making a management decision on findings was over 15.9 months after the FAC acceptance date for one out of three audit reports with findings. For one out of three items selected for testing, PENNVEST had started but had not yet completed reconciling the SEFA to ensure the subrecipient SEFA was accurate so that major programs were properly determined and subject to audit. Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: A pass-through entity must: (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: (2) Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the pass-through entity with information on their plan for corrective action and any assistance needed to resolve the situation. (3) Issue a management decision for audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (g) Verify that a subrecipient is audited as required by Subpart F [Audit Requirements] of this part. (h) Consider whether the results of a subrecipient’s audit, site visits, or other monitoring necessitate adjustments to the pass-through entity’s records. Finding 2025 – 014: (continued) (i) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit, the data collection form, and the reporting package must be submitted within 30 calendar days after the auditee receives the auditor's report(s) or nine months after the end of the audit period (whichever is earlier). The cognizant agency for audit or oversight agency for audit (in the absence of a cognizant agency for audit) may authorize an extension when the nine-month timeframe would place an undue burden on the auditee. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments or take other action. (d) Time requirements. The Federal agency or pass-through entity responsible for issuing a management decision must do so within six months of the FAC’s acceptance of the audit report. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Remedies for audit noncompliance, states: In cases of continued inability or unwillingness of a non-federal entity to have an audit conducted in accordance with this part, Federal agencies or pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR Section 200.339, Remedies for noncompliance, states in part: The Federal agency or pass-through entity may implement specific conditions if the recipient or subrecipient fails to comply with the U.S. Constitution, Federal statutes, regulations, or terms and conditions of the Federal award. See §200.208 for additional information on specific conditions. When the Federal agency or pass-through entity determines that noncompliance cannot be remedied by imposing specific conditions, the Federal agency or pass-through entity may take one or more of the following actions: (a) Temporarily withhold payments until the recipient or subrecipient takes corrective action. (b) Disallow costs for all or part of the activity associated with the noncompliance of the recipient or subrecipient. (c) Suspend or terminate the Federal award in part or in its entirety. (d) Initiate suspension or debarment proceedings as authorized in 2 CFR Part 180 and the Federal agency’s regulations, or for pass-through entities, recommend suspension or debarment proceedings be initiated by the Federal agency. (e) Withhold further Federal funds (new awards or continuation funding) for the project or program. (f) Pursue other legally available remedies. Finding 2025 – 014: (continued) To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: a. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Finding 2025 – 014: (continued) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding the late and outstanding audit report submission, PDA did not take timely remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. PDE Response: PDE agrees with the finding. PENNVEST Response: PENNVEST agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Department of Labor and Industry Finding 2025 – 009: ALN 93.558 – Temporary Assistance for Needy Families Department of Labor and Industry Did Not Perform Adequate Monitoring of Temporary Assistance for Needy Families Subrecipients (A Similar Condition Was Noted in Prior Year Finding 2024-009) Federal Grant Number(s) and Year(s): 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021 – 9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: During the fiscal year ended June 30, 2025, the Department of Labor and Industry (L&I) paid $26.9 million in Temporary Assistance for Needy Families (TANF) funding to 22 subrecipients within the Youth Employment and Training (E&T) appropriation (or 6.7 percent) out of total federal TANF expenditures of $403.4 million reported on the June 30, 2025 Schedule of Expenditures of Federal Awards (SEFA). Our testing of L&I’s during-the-award monitoring of subrecipients for the fiscal year ended June 30, 2025, disclosed that L&I did not conduct on-site monitoring or perform desk reviews of the TANF Youth Development Program (TANF YDP) for three out of five subrecipients selected for testing. Although L&I performed monitoring of these subrecipients specific to another federal program, the monitoring did not include a review of the performance of the subrecipients’ TANF YDP programs. The TANF YDP operations transitioned from the Bureau of Workforce Development Administration (BWDA) to the Bureau of Workforce Partnership and Operations (BWPO) in December 2023. During the fiscal year ended June 30, 2025, BWPO began onsite monitoring of the TANF YDP program on a limited basis by developing a pilot program that BWPO used to monitor the TANF YDP program for three subrecipients. BWPO developed a written TANF YDP Monitoring Plan that outlines plans to expand the monitoring to other TANF YDP subrecipients; however, the plan was not fully implemented as of June 30, 2025. Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states: A pass-through entity must: (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: (1) Review financial and performance reports. (2) Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the pass-through entity with information on their plan for corrective action and any assistance needed to resolve the situation. Finding 2025 – 009: (continued) (3) Issue a management decision for audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) Resolve audit findings specifically related to the subaward. However, the pass-through entity is not responsible for resolving cross-cutting audit findings that apply to the subaward and other Federal awards or subawards. If a subrecipient has a current Single Audit report and has not been excluded from receiving Federal funding (meaning, has not been debarred or suspended), the pass-through entity may rely on the subrecipient’s cognizant agency for audit or oversight agency for audit to perform audit follow-up and make management decisions related to cross-cutting audit findings in accordance with section § 200.513(a)(4)(viii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (c) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; (2) Performing site visits to review the subrecipient's program operations; and (3) Arranging for agreed-upon-procedures engagements as described in §200.425. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: L&I recognized the need to perform during-the-award monitoring procedures for TANF funds passed through for the Youth E&T program, but the updated monitoring procedures were not fully incorporated during the fiscal year ended June 30, 2025. Effect: TANF subrecipients could be operating in noncompliance with federal regulations without timely detection and correction by L&I management. Recommendation: L&I should continue to strengthen controls to ensure during-the-award monitoring is being performed for all TANF subrecipients and that the monitoring includes procedures to ensure that subrecipients are in compliance with applicable federal regulations. This should include examining subrecipients’ financial records and ensuring that all required Single Audits were obtained by L&I subrecipients. Agency Response: L&I agrees with this finding. TANF YDP operations transitioned from BWDA to BWPO in January 2023. Due to this transition, BWPO did not conduct on site monitoring of the TANF YDP program in Program Year (PY) 22. BWPO did begin monitoring in PY 23 on a limited basis as a pilot with 3 local areas in September of 2024. BWPO expanded monitoring efforts in 2025 by conducting PY 24 TANF YDP monitoring in alignment with the WIOA Common Measures Data Validation cycle. This enhanced desk review monitoring effort concluded by January 2026. PY is defined as July 1st to June 30th. BWPO will further expand annual monitoring of TANF YDP in alignment with the requirement to monitor all TANF YDP grant subrecipients for PY 25 and moving forward. L&I does ensure single audits are obtained from the TANF YDP sub-recipients as a part of our single audit review. Finding 2025 – 009: (continued) Questioned Costs: The amount of questioned costs cannot be determined.
Department of Human Services Finding 2025 – 008: ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Department of Human Services’ Program Monitoring of the Social Services Block Grant Subrecipients (A Similar Condition Was Noted in Prior Year Finding 2024-008) Federal Grant Number(s) and Year(s): 2501PASOSR (10/01/2024 – 9/30/2026), 2401PASOSR (10/01/2023 – 9/30/2025) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirements: Cash Management, Subrecipient Monitoring Condition: Our examination of the Department of Human Services’ (DHS) procedures for monitoring Social Services Block Grant (SSBG) subrecipients revealed that DHS did not adequately risk assess and monitor the SSBG Mental Health, Homeless Assistance, and Child Welfare subrecipients to ensure that SSBG awards are used in compliance with laws and regulations, which include allowable costs, period of performance, and other requirements. Although DHS performed risk assessments of these subrecipients, the risk assessments did not include a consideration of all of the items outlined in 2 CFR Section 200.332 (c) (1)-(4). Further, the risk assessments did not define the course of action to be taken for each assigned risk level. DHS program personnel indicated that they performed on-site monitoring of eight subrecipients with seven final monitoring reports issued and one report in progress. The remaining 67 subrecipients were not monitored during the audit period. Expenditures for Mental Health, Homeless Assistance, and Child Welfare subrecipient programs not monitored totaled $21.7 million (or approximately 23.2 percent) of total SSBG program expenditures of $93.6 million reported on the Schedule of Expenditures of Federal Awards (SEFA). While we noted that DHS monitored eight of the 75 Mental Health County/County Joinder subrecipients which included Mental Health, Homeless Assistance and Child Welfare services, this coverage was not adequate. In addition, our review of the risk assessments completed for all of the aforementioned subrecipients identified several instances where subrecipient monitoring was warranted but was not conducted, including several subrecipients assessed as high risk for which no monitoring procedures were performed. In addition, for the compliance requirement related to cash management, we noted that DHS advanced funds to SSBG subrecipients in four of nine program areas, representing $34.0 million (or approximately 36.3 percent) of SSBG program expenditures, without adequately monitoring the reasonableness of the subrecipient cash balances. In particular, for the program areas related to Mental Health, Intellectual Disabilities, Homeless Assistance, and Child Welfare, DHS advanced funds to subrecipients on a quarterly basis. Our inquiries with applicable DHS program administrators disclosed that DHS did not adequately monitor the four program areas’ subrecipients for cash management compliance either at the time of payment or at any other time during the fiscal year ended June 30, 2025. Furthermore, while Single Audits of SSBG subrecipients may be conducted each year, this auditing activity does not compensate for the lack of during-the-award program monitoring, since the timing, focus, and scope of subrecipient auditing activities after year end are different than compliance monitoring to be performed by program officials during the year. Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states: (c) Evaluate each subrecipient's fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraph (f) of this section. When evaluating a subrecipient's risk, a pass-through entity should consider the following: Finding 2025 – 008: (continued) (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits. This includes considering whether or not the subrecipient receives a Single Audit in accordance with subpart F and the extent to which the same or similar subawards have been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of any Federal agency monitoring (for example, if the subrecipient also receives Federal awards directly from the Federal agency). (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: (1) Review financial and performance reports. (2) Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the pass-through entity with information on their plan for corrective action and any assistance needed to resolve the situation. (3) Issue a management decision for audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) Resolve audit findings specifically related to the subaward. However, the pass-through entity is not responsible for resolving cross-cutting audit findings that apply to the subaward and other Federal awards or subawards. If a subrecipient has a current Single Audit report and has not been excluded from receiving Federal funding (meaning, has not been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant agency for audit or oversight agency for audit to perform audit follow-up and make management decisions related to cross-cutting audit findings in accordance with section § 200.513(a)(4)(viii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Depending upon the pass-through entity's assessment of the risk posed by the subrecipient (as described in paragraph (c) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; (2) Performing site visits to review the subrecipient's program operations; and (3) Arranging for agreed-upon-procedures engagements as described in § 200.425. Finding 2025 – 008: (continued) 2 CFR Section 200.305 (b)(1), applicable for recipients and subrecipients, states in part: …Advance payments to a recipient or subrecipient must be limited to the minimum amounts needed and be timed with actual, immediate cash requirements of the recipient or subrecipient in carrying out the purpose of the approved program or project. The timing and amount of advance payments must be as close as is administratively feasible to the actual disbursements by the recipient or subrecipient for direct program or project costs and the proportionate share of any allowable indirect costs. The recipient or subrecipient must make timely payments to contractors in accordance with the contract provisions. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: DHS management indicated that risk assessment and monitoring documents were created for use during on-site monitoring of SSBG subrecipients. However, due to staffing issues, on-site monitoring was not performed for all SSBG subrecipients. Consistent with prior year audits, DHS management noted that there have been no changes to the payment methodology for the Homeless Assistance, Mental Health, Intellectual Disabilities, and Child Welfare components of SSBG. These programs provide subrecipients with advances to comply with Commonwealth law and also to ensure that adequate funds are available to provide services to participants on a timely basis. DHS officials believe that their in-house payment review procedures for the SSBG program are as efficient as administratively feasible and that controls exist in each of the program areas. Without on-site program monitoring visits by funding agency officials, we consider DHS’s limited in-house reviews of subrecipient status reports or other documents to be insufficient to detect potential subrecipient noncompliance, including excess cash violations. DHS does not adjust payments to the subrecipients based on in-house reviews. Effect: Since DHS does not adequately perform during-the-award monitoring of subrecipients, including the monitoring of subrecipient cash on hand, subrecipients may not be complying with applicable grant requirements and federal regulations, including cash management standards. Recommendation: DHS should perform risk based during-the-award monitoring procedures for all SSBG subrecipients to ensure timely compliance with all applicable federal regulations. On-site monitoring visits by state officials should be supported by documentation to show the monitoring performed, areas examined, conclusions reached, and that the monitoring was performed in compliance with applicable regulations. As recommended in previous Single Audits and supported by the United States Department of Health and Human Services, DHS should either consider changing their current subrecipient payment procedures from advancement basis to reimbursement basis or establish procedures to adequately monitor subrecipient cash on hand to ensure it is limited to immediate needs, but no longer than one month. The implementation and strengthening of these controls should provide DHS with reasonable assurance as to compliance with cash management requirements at the subrecipient level. Agency Response: DHS agrees with this finding. Questioned Costs: The amount of questioned costs cannot be determined.
Finding Reference Number: 2025-003 Name of Federal Agency: U.S. Department of Treasury Name of Pass-through Entity: Howard County Government Program Title: Coronavirus State and Local Fiscal Recovery Fund Federal Award No.: 02-11-0-D000-0237 Assistance Listing Number: 21.027 Federal Award Year: 2024-2025 Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria: A pass-through entity (PTE) must Identify the Award and Applicable Requirements – Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR 200.332(a)(3)). Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: During our fiscal year 2025 compliance audit, we noted that the Authority awarded all twenty-seven (27) subawards without referring to federal statutes, regulations, and the terms and conditions of the award as described in 2 CFR 200.332(a)(1), 2 CFR 200.332(a)(2), and 2 CFR 200.332(a)(3). Context: The Authority awarded twenty-seven (27) subawards during fiscal year 2025 totaling $1,000,000, which represents over 99% of the total federal expenditures during fiscal year 2025. Cause: The Authority did not have adequate controls to review subaward agreements to ensure all compliance requirements are captured, that information is consistent between pass-through entity records and the subaward, and that all required elements are included. Effect: As a result of not including the proper information in the subaward agreements, the subrecipients may not be able to comply with the terms of the grant agreement and 2 CFR part 200. Identification as a Repeat Finding, if Applicable: No. Questioned Costs: None identified.Recommendation: We recommend the Authority evaluate its policies and procedures to ensure that subaward agreements include all required information as described in 2 CFR 200.332(a)(1), 2 CFR 200.332(a)(2), and 2 CFR 200.332(a)(3). Responsible Official: Controller Views of Responsible Official and Planned Corrective Action: Management concurs with the audit finding. See the accompanying management’s corrective action plan for planned corrective action.
Questioned Cost $ – Finding No. 2025-003: Subrecipient Monitoring (Material Weakness) Federal Agency: U.S. Department of Commerce AL Number and Title: 11.029 – TBCP Award Number and Award Year: NT23TBC0290054 2024 Repeat Finding? No Condition During our audit, we examined a non-statistical sample of one subaward and noted the following instances of noncompliance: - Subaward agreements did not include certain required federal award information. - A risk assessment was not performed for the subrecipient prior to execution of the subaward agreement. - No evidence of pass-through entity verifying that subrecipients are audited. Criteria 2 CFR Section 200.332(b) requires subawards to clearly identify information, such as Federal Award Identification Number, identification of whether the award is for research and development, period of performance, and indirect costs. 2 CFR Section 200.332(c) requires the pass-though entity to evaluate each subrecipient’s risk of noncompliance to determine the appropriate level of monitoring. 2 CFR Section 200.332(g) requires a pass-through entity to verify that every subrecipient is audited as required by 2 CFR Section 200, Subpart F, when it is expected that the subrecipient’s expenditures exceed applicable thresholds. Effect By not including the required information in the subaward, not performing the risk assessment, and verifying whether the subrecipient is audited, the Department may not be providing the appropriate level of monitoring over its subrecipients and represents noncompliance with 2 CFR Section 200.332. Cause and View of Responsible Officials Program personnel indicated that subaward information was provided and verification of audit was performed. However, no formal documentation was retained and no risk assessment was performed. Recommendation We recommend that program management retain evidence of the process, including who performed the procedure and the date performed, perform risk assessments, and provide the required federal award information to subrecipients.
Criteria: 2 CFR 200.332(b)(1) requires every subaward to include required information and is clearly identified. Condition/Context: Review of the agreements with three subrecipients identified certain communications required were not included in the language of the agreement. Cause: The Center was not aware of the information that is required to be included in the subaward agreement. Effect: The Center was not in compliance with 2 CFR 200.332(b)(1). Questioned Costs: None Repeat finding: Repeat of prior year finding 2024-004. Recommendation: Management should review and refine its subaward agreements to include the necessary information as required by 2 CFR 200.332(b)(1). Views of Responsible Officials: Management agrees with the finding; see corrective action plan.
Federal program: AL 21.027, COVID-19 Coronavirus State and Local Fiscal Recovery Funds; Federal agency: U.S. Department of Treasury; Award year: 2025; Criteria: Per the 2025 Office of Management and Budget (OMB) Compliance Supplement, part 4, requirement M, Subrecipient Monitoring, pass-through entities are required to perform monitoring of their subrecipients. This is further described in Uniform Guidance 2 CFR 200.332 which states "A pass-through entity must...(e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The passthrough entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: (1) Review financial and performance reports, (2) Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the passthrough entity with information on their plan for corrective action and any assistance needed to resolve the situation. (3) Issue a management decision for audit findings pertaining only to the Federal award provided to the subrecipient from the passthrough entity as required by § 200.521. (4) Resolve audit findings specifically related to the subaward...".; Condition: Evidence was not retained of monitoring subrecipients’ financial and single audit reporting or of any follow up actions as a result of monitoring.; Cause: The cause appears to be attributable to a lack of consistently applied procedures for retention of data files supporting the performance of subrecipient monitoring. If the review was performed, it was retained within the employee’s emails and not through use of an ARPA/SLFRF shared folder. The employee performing the review is no longer with the County and the review documentation could not be located. It is undeterminable if this monitoring was performed.; Effect or potential effect: Without adequate review of the subrecipient’s financial and single audit reporting related to program expenditures incurred, the control environment, compliance with laws, regulations, and program requirements, errors or misappropriation of assets could exist without the County's knowledge.; Questioned costs: No known or estimated questioned costs identified.; Context: Out of a population of 14 subrecipients, six were selected for testing for which no evidence was retained indicating the County’s review of financial and single audit reporting of the subrecipients.; Repeat finding: No.; Recommendation: The County should develop and implement policies and procedures to ensure that all subrecipient monitoring is performed and retained.; Views of responsible officials: The County understands and concurs with the finding.
Criteria or specific requirement: Per 2 CFR 200.332, all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information listed in 2 CFR 200.332(a)(1) at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Per 2 CFR 200.332(b), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes required award information. A pass-through entity must provide the best available information when some of the information below is unavailable. A pass-through entity must provide the unavailable information when it is obtained. Required information includes: Subrecipient's name, Subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), Federal Award Date, Subaward Period of Performance Start and End Date, Subaward Budget Period Start and End Date, Amount of Federal Funds Obligated in the subaward, Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation, Total Amount of the Federal Award committed to the subrecipient by the pass-through entity, Federal award project description, as required by the Federal Funding Accountability and Transparency Act (FFATA), Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity, Assistance Listings title and number, Identification of whether the Federal award is for research and development, Indirect cost rate for the Federal award (including if the de minimis rate is used. Per 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: During our testing of subrecipient monitoring, we noted that for certain subawards the Kansas Division of Emergency Management (KDEM) did not timely issue the subaward letter to the subrecipients, which should have been communicated within 30 days of subaward being obligated or before subaward payments were made. Questioned costs: None. Context: For eleven of twenty-eight subrecipients selected for testing, KDEM did not issue subaward letters to the subrecipient timely when the funds were approved and obligated. Further for six of the eleven subrecipients tested, KDEM did not maintain documentation from a previously utilized portal that they no longer have access to. Cause: 2 CFR 200.332(a) requires subawards to include certain required information to be communicated to subrecipients at the time of the subaward being awarded. The subawards were made prior to KDEM fully implementing their corrective action plan. For six of the transactions, KDEM no longer has access to the portal in which the subaward documentation is maintained. Effect: Failure to issue subawards timely and to include required federal award information could result in subrecipients not properly administering the federal program in accordance with federal regulations. Repeat Finding: Yes, Finding 2024-011. Recommendation: We recommend that KDEM continues to implement its corrective action plan from prior year and continue to enhance its internal controls and procedures to ensure that the subaward letter is issued to subrecipients timely to ensure all required federal award information is communicated to the subrecipient at the time of the subaward. Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: Per 2 CFR 200.332, all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information listed in 2 CFR 200.332(a)(1) at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Subrecipient's name, Subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), Federal Award Date, Subaward Period of Performance Start and End Date, Subaward Budget Period Start and End Date, Amount of Federal Funds Obligated in the subaward, Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation, Total Amount of the Federal Award committed to the subrecipient by the pass-through entity, Federal award project description, as required by the Federal Funding Accountability and Transparency Act (FFATA), Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity, Assistance Listings title and number, Identification of whether the Federal award is for research and development, Indirect cost rate for the Federal award (including if the de minimis rate is used). Per 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.332(f) pass-through entities must verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Per 2 CFR 200.332(e)(2), a pass-through entity must following-up and ensure that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. Single Audit findings referenced above are those resulting from audits required under 2 CFR 200.501. Condition: Subawards issued by the Kansas Department of Health and Environment (Department) did not include all required subaward information and failed to obtain the Unique Identity ID for all subawards. The Department did not obtain the required audit information (Single Audit or another applicable audit) from its subrecipient during the audit period. Questioned costs: None. Context: Twenty-five of thirty-four subawards selected for testing, totaling $11,685,599, did not include all required federal award information. Specifically, the following was omitted: • Subrecipient’s Unique Identifier - (Twenty-five of Thirty-four subawards) • Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation – (Twenty-five of thirty-four subawards) • Identification of whether the award is research and development - (Twenty-five of Thirty-four subawards) • Indirect cost rate for federal award - (twenty-five of Thirty-four subawards) For two of the thirty-four subawards the Department failed to provide evidence that the Unique Entity ID was obtained. We were not provided with an audit report for one of the thirty-four subawards tested, totaling $680,010. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required federal award information and obtain the required Unique Entity ID. Internal controls did not prevent or detect the errors. The Department did not have adequate procedures in place, or did not consistently implement existing procedures, to request, obtain, and track required subrecipient audit reports as part of its subrecipient monitoring process. Effect: Excluding the required federal award information at the time of subaward issuance could result in subrecipients not properly administering the federal programs in accordance with federal regulations. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports when all federal award information is not provided to them. Failure to obtain the subrecipient’s UEI resulted in incomplete subaward identification and increases the risk of ineffective subrecipient monitoring. Without obtaining and reviewing the subrecipient’s audit, the Department lacked reasonable assurance that audit findings, questioned costs, or instances of noncompliance affecting the subaward were identified and addressed. This increased the risk that Federal funds were not administered in accordance with applicable requirements. Repeat Finding: Yes, finding 2024-006. Recommendation: We recommend that the Department revise the subaward templates to include all required federal award information and update its procedures and internal controls to ensure that all required federal award information is included in subawards at the time of issuance. The Department should establish and implement formal subrecipient monitoring procedures to ensure required audit reports are requested, obtained, and reviewed in a timely manner. The Department should document its review of audit results and perform appropriate follow‑up on any identified deficiencies to ensure compliance with Federal requirements. Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: Per 2 CFR 200.332, all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information listed in 2 CFR 200.332(a)(1) at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Per 2 CFR 200.332(b), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes required award information. A pass-through entity must provide the best available information when some of the information below is unavailable. A pass-through entity must provide the unavailable information when it is obtained. Required information includes: Subrecipient's name, Subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), Federal Award Date, Subaward Period of Performance Start and End Date, Subaward Budget Period Start and End Date, Amount of Federal Funds Obligated in the subaward, Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation, Total Amount of the Federal Award committed to the subrecipient by the pass-through entity, Federal award project description, as required by the Federal Funding Accountability and Transparency Act (FFATA), Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity, Assistance Listings title and number, Identification of whether the Federal award is for research and development, Indirect cost rate for the Federal award (including if the de minimis rate is used. Per 2 CFR 200.332(a), a pass-through entity must verify that the subrecipient is not excluded or disqualified in accordance with § 180.300. Verification methods are provided in § 180.300, which include confirming in SAM.gov that a potential subrecipient is not suspended, debarred, or otherwise excluded from receiving Federal funds. Per 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Subawards issued by the Kansas Department of Education and Kansas Department of Children and Families (Departments) did not include all required subaward information. Subawards underwent suspension and debarment verification from sam.gov but this process was not formally documented. Questioned costs: None. Context: Eleven of nineteen subawards selected for testing, totaling $991,788, did not include all required federal award information. Specifically, the following was omitted: • Federal Award Identification Number (FAIN) • Name of the Federal agency and contact information for awarding official of the pass-through entity • Assistance Listing Number; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at the time of disbursement • Identification of whether the award is research and development • In addition, for eleven of the eleven subawards tested, the Department did not maintain documentation evidencing that suspension and debarment verification was performed prior to issuing the subawards. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required federal award information and that suspension and debarment verification was documented. Internal controls did not prevent or detect the errors. Effect: Excluding the required federal award information at the time of subaward issuance could result in subrecipients not properly administering the federal programs in accordance with federal regulations. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports when all federal award information is not provided to them. As a result of this condition, the federal awarding agency lacks full assurance that program funds were administered in compliance with federal requirements, including requirements related to vendor suspension and debarment. This condition limits the government’s ability to ensure proper oversight and stewardship of federal funds. Repeat Finding: No Recommendation: We recommend that the Departments develop a subaward template that includes all required federal award information and update its procedures and internal controls to ensure that all required federal award information is included in subawards at the time of issuance. We recommend that management enhance its procurement procedures to require and retain documented evidence that vendors are verified as not suspended or debarred prior to the award of contracts or payment of federal funds. Maintaining this documentation will help ensure compliance with federal requirements and support the government’s assurance that federal funds are expended only with eligible vendors. Views of responsible officials: There is no disagreement with the audit finding.
2025-027. Subrecipient Monitoring Federal Agencies: Department of Health and Human Services Federal Program Titles: Refugee and Entrant Assistance-State/Replacement Designee Administered Programs Assistance Listings: 93.566 Federal Grant ID Numbers: 2201SCRSSS & 2401SCRSSS Pass-Through Entity: Not applicable Award Period: October 1, 2022 through September 30, 2025 Type of Finding: Material weakness in internal control over compliance, material noncompliance Criteria: 2 CFR § 200.303(a) requires that the recipient and subrecipient establish and maintain effective internal control over the federal award that provides reasonable assurance that the recipient or subrecipient is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. 2 CFR § 200.332(c) requires that all pass-through entities evaluate each subrecipient's fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring. 2 CFR § 200.332(e) requires that all pass-through entities monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. Condition: The Department did not maintain the subrecipient monitoring and did not comply with federal subrecipient monitoring requirements. Cause: The Department has not fully implemented the corrective action associated with this finding from the prior year. Effect: The Department is not in compliance with federal subrecipient monitoring requirements. Questioned Costs: None, as the finding relates to monitoring and not unallowable expenditures. Context: The checklists were not maintained, and the Department could not provide the completed checklist to demonstrate monitoring of any subrecipients during FY 2025. For one subrecipient, the Department did not provide documentation to demonstrate that a verification was performed to confirm the subrecipient was not excluded or disqualified. Additionally, the Department failed to evaluate subrecipients for risks, create a monitoring plan that considered those risks, or sufficiently monitor and address the audit findings of the subrecipient. Prior Year Single Audit Finding Number: 2024-021 Recommendation: We recommend the Department continue its efforts to strengthen their current policies and procedures and to ensure that the subrecipient monitoring checklist is being completed and maintained. Views of responsible officials and planned corrective actions: See management’s response on page 198.
Finding 2025-001 Monitoring of Subrecipients Research and Development Cluster National Aeronautics and Space Administration (ALN 43.001) Grant Number: 80NSSC23K1013 Statistically Valid Sample: No, and it was not intended to be Prior Year Finding: Not a repeat finding. Finding Type: Significant Deficiency and Noncompliance Criteria: According to 2 CFR 200.332(d), a pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations and the terms and conditions of the subawards, and that the subaward performance goals are achieved, Accordingly, 2 CFR 200.332(d)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision on federal awards audit findings within six months of the acceptance of the report by the Federal Audit Clearinghouse and ensure the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires nonfederal entities to, among other things, establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include procedures to ensure single audit reports are reviewed and completed in a timely manner, and management decisions are issued within required timeframes. Condition and Context: The Garden performs a comprehensive risk assessment for all subrecipients and has established monitoring procedures which are applied to each of their four subrecipients throughout the life of the grant. These procedures include a detailed review of invoices submitted for reimbursement by the subrecipient and communication with the subrecipient as needed throughout the year. While the Garden obtained a copy of the subrecipients’ single audit report during the initial risk assessment process, the Garden did not obtain or review the most recently issued single audit report for each subrecipient during 2025 to determine if there were any findings related to their federal awards which would require the Garden to issue a management decision on audit findings. Cause: Management had a control in place to obtain the subrecipient single audit reports upon entering into the subaward agreements. However, the control was not properly designed to obtain subrecipient single audit reports annually in the subsequent years the agreement was still in place.. Effect: Failure to obtain and review the subrecipient single audit reports in a timely manner may result in the Garden not being aware of a material noncompliance by a subrecipients and the Garden not documenting management’s decision timely in accordance with the guidance. Questioned Costs: No questioned costs were noted as a result of the audit procedures performed. Recommendation: We recommend the Garden establish procedures to ensure subrecipient single audit report are obtained and reviewed on an annual basis. In addition, the Garden should document whether a management decision was prepared or whether it is not required based on review of the findings, if any. Views of Responsible Officials: Management agrees with the finding. Subsequent to year end, Management has obtained and reviewed Single Audit filings for all its Subrecipients from the Federal Audit Clearinghouse. In their review of the Subrecipient Single Audit Reports, they did not note any findings related to its Federal programs. Management has implemented a control to continue to obtain and review the Single Audit filings for its Subrecipients on an annual basis.
CORONAVIRUS STATE AND LOCAL FISCAL RECOVERY FUNDS – SUBRECIPIENT MONITORING Finding Number: 2025-004 State Agency Number: DEV-02 Assistance Listing Number and Title: 21.027 COVID-19 – Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Federal Award Identification Numbers / Years: SLFRP2610 / 2021 SLFRP0130 / 2021 Federal Agency: Department of Treasury Compliance Requirement: Subrecipient Monitoring Repeat Finding from Prior Audit? Yes Prior Audit Finding Number: 2024-005 NONCOMPLIANCE AND MATERIAL WEAKNESS 2 C.F.R. § 1000.10 gives regulatory effect to the Department of Treasury for 2. C.F.R. § 200.332, which establishes requirements over subawards for pass-through entities and states: All pass-through entities must: . . . (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: (1) Review financial and performance reports. (2) Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the pass-through entity with information on their plan for corrective action and any assistance needed to resolve the situation. . . . It is management’s responsibility to design and implement internal control procedures over subrecipient monitoring to ensure federal funds are being spent for allowable purposes and in accordance with program requirements. It is also management’s responsibility to monitor these control procedures to ensure they are operating effectively and as intended. During state fiscal year 2025, the Department expended approximately $389.5 million in subawards to SLFRF subrecipients. The Department created several subprograms for various development and community-related activities as part of the SLFRF program. The subrecipients of these subprograms were required to submit a quarterly program report which includes data on projects funded, expenditures, contracts, and subawards equal to or greater than $50,000, to the Department through the Salesforce System. The Department’s Community Services Division oversees the Water Sewer Quality program and did not obtain the required quarterly program reports 13 out of 23 (56.5%) subrecipients selected for testing. Further, the Community Services Division did not have a process in place to follow-up with its subrecipients to obtain the missing program reports for a majority of the audit period [until April 2025]. Without adequate procedures in place to collect program reports from subrecipients to monitor compliance with federal statutes, laws, and regulations, there is an increased risk subrecipients may misuse federal funds for unauthorized purposes. This could lead to fines, penalties, or repayment of program funds being imposed by the federal grantor agency. Based on discussions with management, the lapse in monitoring was caused by employee turnover, slowing the monitoring of subrecipient’s report submissions. We recommend the Department develop and re-evaluate its internal control procedures to ensure all subprograms and subrecipients are adequately monitored for program compliance. We also recommend the Department evaluate existing control procedures to reasonably ensure the quarterly program reports submitted through the Salesforce System are timely, accurate, and complete. These procedures should be adequately documented and maintained to ensure the internal controls are in place and operating as management intended. Management should periodically monitor these procedures to ensure they are working as intended.
(2025-017) Title: Internal control over SNAP subrecipient monitoring procedures needs improvement Prior Year Findings: None State Department: Health and Human Services State Bureau: Office for Family Independence Federal Agency: U.S. Department of Agriculture Assistance Listing Title: SNAP Cluster Assistance Listing Number: 10.551, 10.561 Federal Award Identification Number: See E-65 to E-66 Compliance Area: Subrecipient monitoring Type of Finding: Significant deficiency Questioned Costs: None Criteria: 2 CFR 200.303; 2 CFR 200.332 The Department must establish, document, and maintain effective internal control over Federal awards that provides reasonable assurance that the Department is managing awards in compliance with Federal statutes, regulations, and the terms and conditions of awards. The Department must: • ensure that every subaward is clearly identified to the subrecipient as a subaward and includes specific information. • evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring procedures. Condition: The Supplemental Nutrition Assistance Program (SNAP) is administered by the Office for Family Independence (OFI). In addition to providing monthly benefits to eligible households to purchase nutritious foods, SNAP has administrative funding that may be used to educate the public on nutrition and to assist SNAP clients in gaining the skills, training, and work experience needed to build a career and achieve long-term stability. The Office of the State Auditor (OSA) tested all 7 contracts with 4 SNAP subrecipients for compliance with: • award identification requirements, and found: o 6 contracts did not include Federal award identification numbers; and o 1 contract did not include the Assistance Listing title and number. • subrecipient risk evaluation procedures. OFI provided evidence to support that subrecipient monitoring procedures were performed; however, documentation that risk evaluation procedures performed corresponded to the appropriate level of monitoring activities could not be provided. Context: In fiscal year 2025, OFI provided $5.1 million from a total of $19.7 million in SNAP administrative funds to SNAP subrecipients. Cause: • Lack of adequate policies and procedures • Lack of supervisory oversight Effect: • Noncompliance with Federal regulations • Subrecipients that are deemed higher risk may not be monitored on a more frequent basis. Conversely, subrecipients that are deemed lower risk may not be monitored on a less frequent basis, which would free resources and time to dedicate towards other higher risk subrecipients. Recommendation: We recommend that the Department implement policies and procedures to: • ensure that all required information is included in contracts and contract amendments. This will ensure compliance with Federal requirements. • require evaluation of each subrecipient’s risk of noncompliance specifically for the purpose of determining the appropriate subrecipient monitoring to be performed. This will ensure subrecipients are monitored appropriately based on risk designation. Corrective Action Plan: See F-13 Management’s Response: The Department partially agrees with the finding. We acknowledge six of the contracts did not include the Federal award identification number, and that one contract did not include the assistance listing title and number. The Department disagrees that we do not have adequate subrecipient risk evaluation procedures. The Department evaluates risk on its subrecipients for the purposes of determining the appropriate subrecipient monitoring in multiple ways. The first assessment of risk is when a subaward is competitively bid. The second assessment of risk is built into the Maine Uniform Accounting and Auditing Practices for Community Agencies (MAAP) in which higher risk subrecipients undergo a higher level of testing by Independent Public Accountants. Finally, the Social Service Unit of the Division of Audit performs a risk assessment and tests transactions for those subrecipients that have been determined to be higher risk. Contact: Patricia Dushuttle, Special Projects Manager- SNAP, DHHS, 207-215-0995 Auditor’s Concluding Remarks: 2 CFR 200.332(b) states that the Department must evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. The Department has indicated in Management’s Response that the criteria set forth in 2 CFR 200.332(b) have been met; however, the following rebuttals illustrate that the Department is not in compliance with Federal requirements: • The Department identifies the first assessment of risk: when a subaward is competitively bid. o While OSA acknowledges this does occur, 6 of the 7 subawards tested were not competitively bid. o The level of subrecipient monitoring that the Department performs is based on the services provided, not on specific subrecipients, as required. • The Department identifies the second assessment of risk: built into MAAP in which higher risk subrecipients undergo a higher level of testing by independent public accountants. o A subrecipient deemed higher risk as the result of a risk evaluation in accordance with 2 CFR 200.332 may not be deemed higher risk in accordance with MAAP standards. • The Department identifies the third assessment of risk: the Social Service Unit of the Division of Audit (DOA) performs a risk assessment and tests transactions for those subrecipients that have been determined to be higher risk. o The Department did not provide documentation to demonstrate that subrecipient monitoring procedures are performed by program personnel as a result of a risk evaluation conducted by DOA. The Department’s existing policies and procedures do not require nor provide support for the evaluation of each subrecipient’s risk of noncompliance specifically for the purpose of determining the appropriate subrecipient monitoring to be performed. The finding remains as stated. (State Number: 25-1108-04)
(2025-020) Title: Internal control over CNC subrecipient monitoring procedures needs improvement Prior Year Findings: See Schedule of Findings and Questioned Costs for chart/table State Department: Education State Bureau: Child Nutrition Services Federal Agency: U.S. Department of Agriculture Assistance Listing Title: Child Nutrition Cluster Assistance Listing Number: 10.553, 10.555, 10.556, 10.559, 10.582 Federal Award Identification Number: See E-65 to E-66 Compliance Area: Subrecipient monitoring Type of Finding: Material weakness Material noncompliance Questioned Costs: None Criteria: 2 CFR 200.303; 2 CFR 200.332; 7 CFR 210.18; 7 CFR 225.7; U.S. Department of Agriculture Policy Memo SP 46-2015 The Department must establish, document, and maintain effective internal control over Federal awards that provides reasonable assurance that the Department is managing awards in compliance with Federal statutes, regulations, and the terms and conditions of awards. The Department must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. The Department must conduct administrative reviews of School Food Authorities (SFAs) participating in the National School Lunch Program (NSLP) and the School Breakfast Program (SBP). These procedures must also be followed, as applicable, to conduct administrative reviews of the Special Milk Program (SMP) and the Fresh Fruit and Vegetable Program (FFVP). Documented corrective action is required for any degree of violation of general or critical areas identified in an administrative review. Corrective action may be provided at the time of the review; however, it must be postmarked or submitted electronically to the State agency no later than 30 days from the deadline for completion of each required corrective action. The State agency must maintain any documented corrective action on file for review by the Food and Nutrition Service (FNS). The Department must withhold all program payments to an SFA if: • documented corrective action for critical area violations is not provided with deadlines specified; or • corrective action for critical area violations was not completed. FNS may suspend or withhold program payments, in whole or in part, to those states failing to withhold payments in accordance with regulations and may withhold administrative funds. The Department must review sponsors to ensure compliance with Summer Food Service Program (SFSP) regulations. The Department is required to conduct a review of base year certification and benefit issuance documentation for any SFA requesting approval to participate in NSLP or SBP using U.S. Department of Agriculture (USDA) Special Provision 2, which is a provision established to reduce application burdens and simplify claim procedures. The review must occur at some point during the base year. If errors are identified as a result of the review, the Department must adjust all of the SFA’s closed claims that occurred in the current school year. Condition: The Child Nutrition Cluster (CNC) includes the NSLP, SBP, SMP, SFSP, and FFVP. The objectives of the programs are to provide nutritious meals to eligible children in schools and summer food programs; to foster healthy eating habits by providing fresh fruits and vegetables to children attending elementary schools; and to encourage the consumption of nutritious agriculture commodities. The Department of Education (DOE) is responsible for the administration of CNC programs for the State. DOE partners with local SFAs and sponsors to provide benefits to school-aged children. DOE has assigned subrecipient monitoring responsibilities, which include administrative reviews and other reviews as needed, to the Child Nutrition Services (CNS) division. Administrative reviews of all SFAs and sponsors are required at least once every 5 years; however, regulations also specify that high-risk SFAs and sponsors must receive targeted follow-up within 2 years. CNS utilizes a spreadsheet to track and facilitate the reviews, and a USDA questionnaire and information within the Child Nutrition Program (CNPWeb) system to document the completion of the review and related corrective action. CNS does not have a mechanism to centrally track the high-risk SFAs and sponsors to ensure follow-up occurs. CNS is required to retain documentation to support all elements of the administrative reviews and to demonstrate SFA and sponsor compliance with the program, even if corrective action occurs onsite during the review. The Office of the State Auditor (OSA) tested 16 administrative reviews completed by CNS and found: • Performance Standard 1 findings, deemed critical findings by USDA, were identified in 1 NSLP review, but required follow up fiscal action was not properly tracked. • Performance Standard 2 findings, also deemed critical by USDA, were identified in 3 reviews, but follow up corrective actions were not properly tracked, received, and/or approved. In addition, corrective action was not provided within 30 days for 2 of the 3 reviews. • corrective action for 3 reviews required fiscal action; 2 reviews indicated a reduction of a future claim would be processed, and 1 review indicated a check for repayment to the State would be received. Documentation in the CNPWeb system: o was not available to support that 2 required fiscal actions were taken, and o conflicted with the tracking spreadsheet for 1 fiscal action. • corrective action responses were missing for 4 reviews, 1 of which was marked as approved by CNS. • corrective action responses submitted by 2 SFAs were missing CNS approval information, but the reviews were marked as closed. • corrective action responses submitted by 3 SFAs were missing SFA contact information and submission dates. • the date for required corrective action to be provided was omitted for 4 reviews. • corrective action for 1 review was received late. • USDA questionnaire sections related to SFSP procurement were erroneously excluded for 4 reviews. • USDA questionnaires were not fully completed for 2 reviews. • the review tracking spreadsheet was not fully completed or conflicted with information obtained from the administrative review for 10 reviews. • the SFSP administrative review tracking spreadsheet was not designed to properly track corrective action, related due dates, and CNS review and approval dates; this was noted in all 8 SFSP administrative reviews tested. CNS updated the design of the tracking spreadsheet in fiscal year 2025 to ensure this information is properly tracked. OSA selected a non-statistical random sample. In addition to administrative reviews, CNS must perform base year reviews for all SFAs and sponsors that have applied to participate in USDA Special Provision 2. These base year reviews provide the required information necessary to determine the level of claims the SFA or sponsor may submit in the subsequent 3 years. In fiscal year 2025, CNS identified 4 SFAs that required a base year review, 2 of which were completed alongside the SFA’s administrative review. OSA tested the remaining 2 base year reviews and identified that neither review was completed by CNS as required. OSA cannot determine if unallowable costs exist through the audit of subrecipient monitoring activities, as required information was not collected through OSA’s subrecipient monitoring testing procedures; however, OSA reported questioned costs in the audit of allowable costs/cost principles and eligibility. See findings 2025-019 Internal control over CNC claim reimbursements needs improvement and 2025-020 Internal control over CNC eligibility needs improvement, respectively. Context: In fiscal year 2025, the Department provided 241 subrecipients with $70.7 million in CNC program funds, which represents 99 percent of CNC programs’ $71.3 million total expenditures. Cause: • Lack of supervisory oversight • Lack of adequate policies and procedures Effect: • Noncompliance with Federal regulations • Subrecipients may not be complying with Federal statutes, regulations, or the terms and conditions of the subaward. • Base year reviews provide authorization for the level of allowable claims an SFA or sponsor can claim in subsequent periods; if a base year review is not completed and participation in USDA Special Provision 2 continues, SFAs and sponsors could be underclaiming or overclaiming costs. • Potential questioned costs and disallowances Recommendation: We recommend that the Department enhance policies and procedures and increase oversight to ensure that: • reviews are completed as required and supporting documentation is retained; • required corrective and fiscal actions are implemented, reviewed, and completed; and • high-risk SFAs and sponsors are tracked and considered in planning follow-up reviews. Corrective Action Plan: See F-15 Management’s Response: The Department partially agrees with this finding. Regulatory requirements for the administrative review process including corrective and fiscal action were met. Staff will receive training on tracking sheet completion and additional internal control measures that document requirements were met. The 2026 SFSP tracker has been updated to clarify the date of corrective action and now reads “Corrective Action Received Date”. Contact: Jane McLucas, Director of Child Nutrition, DOE, 207-624-6880 Auditor’s Concluding Remarks: The exceptions noted in the finding outline instances where documentation in support of the administrative review process, including required corrective action by subrecipients, could not be provided or was incomplete. The Department’s existing policies and procedures do not provide assurance that administrative reviews are monitored, completed, documented, and considered in subsequent reviews as required by Federal program regulations. The finding remains as stated.
(2025-023) Title: Internal control over CNC subrecipient audit monitoring needs improvement Prior Year Findings: None State Department: Education State Bureau: Commissioner’s Office Child Nutrition Services Federal Agency: U.S. Department of Agriculture Assistance Listing Title: Child Nutrition Cluster Assistance Listing Number: 10.553, 10.555, 10.556, 10.559, 10.582 Federal Award Identification Number: See E-65 to E-66 Compliance Area: Subrecipient monitoring Type of Finding: Significant deficiency Questioned Costs: None Criteria: 2 CFR 200.303; 2 CFR 200.332 The Department must establish, document, and maintain effective internal control over Federal awards that provides reasonable assurance that the Department is managing awards in compliance with Federal statutes, regulations, and the terms and conditions of awards. The Department must verify that subrecipients are audited as required. Condition: The Department of Education (DOE) is responsible for the administration of Child Nutrition Cluster (CNC) programs for the State. DOE partners with subrecipient School Food Authorities and sponsors to provide nutritious meals to eligible children in schools and summer food programs; to foster healthy eating habits by providing fresh fruits and vegetables to children attending elementary schools; and to encourage the consumption of nutritious agriculture commodities. DOE is required to verify that all subrecipients are audited as required when Federal award expenditures exceed the Single Audit threshold. DOE utilizes a spreadsheet to track and facilitate subrecipient audit monitoring. The spreadsheet tracks each DOE subrecipient, the subrecipient’s auditor, the date of receipt of the Single Audit report, the date the report was reviewed by DOE, any requests for an extension, any exceptions noted within the Single Audit report, and a corrective action plan due date, as applicable. The Office of the State Auditor (OSA) tested 22 CNC subrecipients required to receive a Single Audit and found: • 2 subrecipients were granted submission extensions; however, both audit reports were received after the approved extension date and documentation for an additional extension or late receipt could not be provided. • 1 subrecipient was documented on the tracking spreadsheet; however, the only information included was the subrecipient’s name. In addition, email communications indicated multiple expired extensions, but this information was not included or tracked by DOE. OSA selected a non-statistical random sample. Context: In fiscal year 2025, the Department provided 241 subrecipients with $70.7 million in CNC program funds, which represents 99 percent of CNC programs’ $71.3 million total expenditures. Cause: • Lack of supervisory oversight • Lack of adequate policies and procedures Effect: • Noncompliance with Federal regulations • Subrecipients may not be undergoing audits as required by Federal regulations. Recommendation: We recommend that the Department enhance policies and procedures and increase oversight to ensure that all CNC subrecipients are properly tracked and submit Single Audit reports as required. Corrective Action Plan: See F-16 Management’s Response: The Department agrees with this finding. Audit tracking was previously performed through a manual process. As the result of a RFP, an upgrade to the Maine Education Financial System will include an automated tracking system and dashboard to more effectively manage receipt of school administrative unit audits. In the interim, the Policy and Procedure Manual will be updated to include supervisory review of the tracking spreadsheet on a monthly basis. Contact: Nicole Denis, Director of Finance, DOE, 207-530-2161 (State Number: 25-1203-07)
(2025-032) Title: Internal control over Health Disparities program subrecipient monitoring procedures needs improvement Prior Year Findings: None State Department: Health and Human Services Public Safety State Bureau: Maine Center for Disease Control & Prevention Emergency Medical Services Federal Agency: U.S. Department of Health and Human Services Assistance Listing Title: Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises Assistance Listing Number: 93.391 Federal Award Identification Number: See E-65 to E-66 Compliance Area: Subrecipient monitoring Type of Finding: Material weakness Material noncompliance Questioned Costs: None Criteria: 2 CFR 200.303; 2 CFR 200.332 The Department must establish, document, and maintain effective internal control over Federal awards that provides reasonable assurance that the Department is managing awards in compliance with Federal statutes, regulations, and the terms and conditions of awards. The Department must: • ensure that every subaward is clearly identified to the subrecipient as a subaward and includes specific information. • evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring procedures. • monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition: The Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises (Health Disparities) program was implemented to address disparities in access to healthcare in populations that are at high-risk and underserved, including racial and ethnic minority groups and people living in rural communities. The Health Disparities program is administered by the Maine Center for Disease Control & Prevention’s (MeCDC) Division of Population Health Equity. MeCDC has a memorandum of understanding in place with the Department of Public Safety’s Emergency Medical Services (EMS) Bureau to assist in administering the Health Disparities program. The Office of the State Auditor (OSA) tested 11 contracts or contract amendments issued by MeCDC and 3 contracts issued by EMS for compliance with: • award identification requirements and found: o 9 contract amendments issued by MeCDC did not include the name of the Federal agency issuing the award, the Federal award identification number, or the Federal award date; and o all 3 contracts issued by EMS did not include the Federal award identification number, the Federal award date, the assistance listing title and number, or the indirect cost rate for the Federal award. • subrecipient risk evaluation procedures and found through inquiry of program personnel at MeCDC and EMS that policies and procedures were not in place to ensure risk assessments were performed or used to determine subrecipient monitoring activities. As a result, subrecipient monitoring activities were the same for all subrecipients/contracts, regardless of risk. • subrecipient monitoring requirements and found that documentation could not be provided to support that: o follow-up occurred regarding late receipt of an incomplete financial report for 1 contract overseen by MeCDC; o an appropriate response was completed to previously identified inaccurate expense reporting for 1 contract overseen by MeCDC; o a required report was reviewed for 1 contract overseen by EMS; and o required reports were received or that appropriate action was taken in response for 2 contracts overseen by EMS. OSA determined that payments made to subrecipients for the aforementioned reporting deficiencies were allowable based upon subsequent reports and other monitoring procedures performed. OSA utilized a risk-based approach to select 2 contracts issued by MeCDC and selected a non-statistical random sample of all other contracts. Context: In fiscal year 2025, MeCDC provided $3.2 million from a total of $6.2 million and EMS provided $301,000 from a total of $449,000 to Health Disparities program subrecipients. Cause: • Lack of adequate policies and procedures • Lack of supervisory oversight Effect: • Noncompliance with Federal regulations • Subrecipients that are deemed higher risk may not be monitored on a more frequent basis. Conversely, subrecipients that are deemed lower risk may not be monitored on a less frequent basis, which would free resources and time to dedicate towards other higher risk subrecipients. • Noncompliance with the Federal statutes, regulations, and the terms and conditions of the subaward by subrecipients may go undetected. • Potential future questioned costs and disallowances Recommendation: We recommend that the Department implement policies and procedures: • to ensure that all required information is included in contracts and contract amendments; • that require evaluation of each subrecipient’s risk of noncompliance specifically for the purpose of determining the appropriate subrecipient monitoring to be performed; and • implement policies and procedures to ensure all required subrecipient monitoring activities are performed. Corrective Action Plan: See F-19 Management’s Response: DHHS Response: The Department partially agrees with this finding. We agree with the recommendations that the Department implement policies and procedures to ensure all required information is included in contracts and that all required subrecipient monitoring is completed. The Department disagrees that we do not have subrecipient risk evaluation procedures. The Department evaluates risk on its subrecipients for the purposes of determining the appropriate subrecipient monitoring in multiple ways. The first assessment of risk is when a subaward is competitively bid. The second assessment of risk is built into the Maine Uniform Accounting and Auditing Practices for Community Agencies (MAAP) in which higher risk subrecipients undergo a higher level of testing by Independent Public Accountants. Finally, the Social Service Unit of the Division of Audit performs a risk assessment and tests transactions for those subrecipients that have been determined to be higher risk. DHHS Contact: Eden Hale, Associate Director, Division of Population Health Equity, Maine CDC, 207-441-1090 DPS Response: The Department partially agrees with this finding. The Department of Public Safety acknowledges that EMS was missing policies and procedures around specific subrecipient monitoring activities and required contract language identifying the Federal Grant. However, the Department has these policies and procedures in place for the Contract/Grant Team which oversees the majority of the Federal Funding for the Department. The Department will ensure all Bureaus receive guidance, training, and policies and procedures. DPS Contact: Derek Gorneau, Assistant to the Commissioner, DPS, 207-530-3531 Auditor’s Concluding Remarks: DHHS: 2 CFR 200.332(b) states that the Department must evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. The Department has indicated in Management’s Response that the criteria set forth in 2 CFR 200.332(b) have been met; however, the following rebuttals illustrate that the Department is not in compliance with Federal requirements: • The Department identifies the first assessment of risk: when a subaward is competitively bid. o While OSA acknowledges this does occur, not all subawards are competitively bid. o The level of subrecipient monitoring that the Department performs is based on the services provided, not on specific subrecipients, as required. • The Department identifies the second assessment of risk: built into MAAP in which higher risk subrecipients undergo a higher level of testing by independent public accountants. o A subrecipient deemed higher risk as the result of a risk evaluation in accordance with 2 CFR 200.332 may not be deemed higher risk in accordance with MAAP standards. • The Department identifies the third assessment of risk: the Social Service Unit of the Division of Audit performs a risk assessment and tests transactions for those subrecipients that have been determined to be higher risk. o The Department did not provide documentation to demonstrate that these procedures are performed as a result of a risk evaluation. The Department’s existing policies and procedures do not require nor provide support for the evaluation of each subrecipient’s risk of noncompliance specifically for the purpose of determining the appropriate subrecipient monitoring to be performed. DPS: The Department asserts that policies and procedures are in place for the Contract/Grant Team, but did not demonstrate that these policies and procedures were adhered to in relation to contracts for the Health Disparities program. The finding remains as stated. (State Number: 25-1123-03)
(2025-036) Title: Internal control over PDG subrecipient monitoring procedures needs improvement Prior Year Findings: None State Department: Health and Human Services Education State Bureau: Office of Child and Family Services Office of Teaching and Learning Federal Agency: U.S. Department of Health and Human Services Assistance Listing Title: Every Student Succeeds Act/Preschool Development Grants Assistance Listing Number: 93.434 Federal Award Identification Number: See E-65 to E-66 Compliance Area: Allowable costs/cost principles Subrecipient monitoring Type of Finding: Material weakness Material noncompliance Questioned costs Known Questioned Costs: $128,333 Likely Questioned Costs: Undeterminable; the Office of the State Auditor (OSA) selected a sample of subrecipients who received program funds during fiscal year 2025 and identified known questioned costs associated with 1 of those subrecipients based on various compliance attributes. Since circumstances are unique to each subrecipient, a projection of questioned costs cannot be reasonably estimated. Criteria: 2 CFR 200.303; 2 CFR 200.332 The Department must establish, document, and maintain effective internal control over Federal awards that provides reasonable assurance that the Department is managing awards in compliance with Federal statutes, regulations, and the terms and conditions of awards. The Department must: • ensure that every subaward is clearly identified to the subrecipient as a subaward and includes specific information. • evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring procedures. • monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. • ensure that the subrecipient takes corrective action on all Single Audit findings related to the subaward, other audit findings, site visits, and written notifications of adverse conditions which will impact the ability to meet milestones or the objectives of a subaward. Condition: The Every Student Succeeds Act/Preschool Development Grants (PDG) program assists states in helping low-income and disadvantaged children enter kindergarten prepared and ready to succeed in school and helps improve the transitions from the early care and education setting to elementary school. PDG is administered by the Department of Health and Human Services’ (DHHS) Office of Child and Family Services (OCFS). DHHS has a memorandum of understanding in place with the Department of Education (DOE) to assist in administering PDG. OSA tested 2 contracts issued by OCFS and 2 contracts issued by DOE for compliance with: • award identification requirements, and found: o 2 contracts issued by OCFS did not include the Federal award identification number or the grant award number; and o 2 contracts issued by DOE did not include the Federal award identification number, the Federal award date, the assistance listing title and number, the name of Federal agency, the assistance listing title and number, identification of whether the Federal award is for research and development, or the indirect cost rate for the Federal award. • subrecipient risk evaluation procedures, and found through inquiry of program personnel at OCFS and DOE that policies and procedures were not in place to ensure risk assessments were performed or used to determine subrecipient monitoring activities. As a result, subrecipient monitoring activities were the same for all subrecipients/contracts regardless of risk. • subrecipient monitoring requirements, and found that OCFS did not identify an appropriate level of monitoring for 1 contract. Evidence of significant developments, including inability to meet performance goals, that impacted the subrecipient’s ability to meet the objectives of the subaward were present prior to quarterly reporting. OSA determined that payments made to this subrecipient for the aforementioned monitoring deficiencies were not allowable based upon subsequent financial reports and the results of other monitoring procedures performed during the fiscal year. Payments to the subrecipient were withheld after April 2025. OSA has questioned the full amount of program expenditures paid to this subrecipient during the fiscal year, totaling $128,333. OSA selected a non-statistical random sample of all PDG subrecipient contracts. Context: In fiscal year 2025, PDG expenditures totaled $11.5 million, of which approximately $910,000 was paid to OCFS subrecipients and $709,000 was paid to DOE subrecipients. Cause: • Lack of adequate policies and procedures • Lack of supervisory oversight Effect: • Noncompliance with Federal regulations • Subrecipients that are deemed higher risk may not be monitored on a more frequent basis. Conversely, subrecipients that are deemed lower risk may not be monitored on a less frequent basis, which would free resources and time to dedicate towards other higher risk subrecipients. • Noncompliance with the Federal statutes, regulations, and the terms and conditions of the subaward by subrecipients may go undetected. • Payments may be issued in error to subrecipients not in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. • Known questioned costs • Potential future questioned costs and disallowances Recommendation: We recommend that the Department enhance oversight and implement policies and procedures to ensure that: • all required information is included in contracts and contract amendments; • an evaluation of each subrecipient’s risk of noncompliance specifically for the purpose of determining the appropriate subrecipient monitoring is performed; and • all required subrecipient monitoring activities are performed. Corrective Action Plan: See F-21 Management’s Response: The Departments partially agree with this finding. DHHS agrees that two contracts did not include the Federal award identification number or the grant award number. DOE agrees that two contracts did not include the Federal award identification number, the Federal award date, the assistance listing title and number, the indirect cost rate for the Federal award, name of Federal agency, assistance listing title and number, identification of whether the Federal award is for research and development, and the indirect cost rate for the federal award. The Departments disagree that subrecipient risk evaluation policies and procedures were not in place to ensure risk assessments were performed or used to determine subrecipient monitoring activities. DOE utilizes a risk assessment tool when developing monitoring of invoices associated with subrecipients. Contact: Tara Williams, Associate Director of Early Care & Education, OCFS, DHHS, 207-557-2342 Auditor’s Concluding Remarks: 2 CFR 200.332(b) states that the Department must evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. DHHS’ existing policies and procedures do not require nor provide support for the evaluation of each subrecipient’s risk of noncompliance specifically for the purpose of determining the appropriate subrecipient monitoring to be performed. Furthermore, as noted in the Condition, OSA found that DHHS did not identify an appropriate level of monitoring for 1 contract. If DHHS had adequate controls in place over subrecipient risk evaluation requirements, appropriate subrecipient monitoring procedures would have been developed and performed in response to the subrecipient’s inability to meet the objectives of the subaward, including withholding payments to the subrecipient sooner. Additionally, the risk assessment tool that DOE refers to in Management’s Response only determines the frequency of invoicing (monthly or quarterly) and does not determine the level of subrecipient monitoring needed based on the subrecipient’s risk. The finding remains as stated. (State Number: 25-1122-04)
(2025-043) Title: Internal control over TANF subrecipient risk evaluation procedures needs improvement Prior Year Findings: See Schedule of Findings and Questioned Costs for chart/table State Department: Health and Human Services State Bureau: Office for Family Independence Federal Agency: U.S. Department of Health and Human Services Assistance Listing Title: Temporary Assistance for Needy Families (TANF) Assistance Listing Number: 93.558 Federal Award Identification Number: See E-65 to E-66 Compliance Area: Subrecipient monitoring Type of Finding: Significant deficiency Questioned Costs: None Criteria: 2 CFR 200.303; 2 CFR 200.332 The Department must establish, document, and maintain effective internal control over Federal awards that provides reasonable assurance that the Department is managing awards in compliance with Federal statutes, regulations, and the terms and conditions of awards. The Department is required to evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in 2 CFR 200.332. Condition: The Department is required to evaluate each subrecipient’s risk of noncompliance with Federal regulations for the purpose of determining the appropriate level of subrecipient monitoring to be performed. Subrecipient monitoring activities include, but are not limited to, review of financial and performance reports submitted by the subrecipient, periodic site visits, ensuring required audits of the subrecipient are completed, and ensuring that corrective action is taken for any deficiencies identified through the aforementioned procedures. These procedures are necessary to ensure the subrecipient is in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. The Department provided evidence to support that subrecipient monitoring procedures were performed; however, documentation that risk evaluation procedures performed corresponded to the appropriate level of monitoring activities could not be provided. Context: The Department provided $35.0 million from a total of $104.9 million to TANF subrecipients during fiscal year 2025. Cause: • Lack of policies and procedures • Lack of supervisory oversight Effect: • Noncompliance with Federal regulations • Subrecipients that are deemed higher risk may not be monitored on a more frequent basis. Conversely, subrecipients that are deemed lower risk may not be monitored on a less frequent basis, which would free resources and time to dedicate towards other higher risk subrecipients. Recommendation: We recommend that the Department implement policies and procedures that require evaluation of each subrecipient’s risk of noncompliance specifically for the purposes of determining the appropriate subrecipient monitoring to be performed. This will ensure subrecipients are monitored appropriately based on risk designation. Corrective Action Plan: See F-23 Management’s Response: The Department disagrees with this finding. The Department evaluates risk on its subrecipients for the purposes of determining the appropriate subrecipient monitoring in multiple ways. The first assessment of risk is when a subaward is competitively bid. The second assessment of risk is built into the Maine Uniform Accounting and Auditing Practices for Community Agencies (MAAP) in which higher risk subrecipients undergo a higher level of testing by Independent Public Accountants. Finally, the Social Service Unit of the Division of Audit performs a risk assessment and tests transactions for those subrecipients that have been determined to be higher risk. Contact: Ian Yaffe, Director, Office for Family Independence, DHHS, 207-592-1481 Auditor’s Concluding Remarks: 2 CFR 200.332(b) states that the Department must evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. The Department has indicated in Management’s Response that the criteria set forth in 2 CFR 200.332(b) have been met; however, the following rebuttals illustrate that the Department is not in compliance with Federal requirements: • The Department identifies the first assessment of risk: when a subaward is competitively bid. o While OSA acknowledges this does occur, not all subawards are competitively bid. o The level of subrecipient monitoring that the Department performs is based on the services provided, not on specific subrecipients, as required. • The Department identifies the second assessment of risk: built into MAAP in which higher risk subrecipients undergo a higher level of testing by independent public accountants. o A subrecipient deemed higher risk as the result of a risk evaluation in accordance with 2 CFR 200.332 may not be deemed higher risk in accordance with MAAP standards. • The Department identifies the third assessment of risk: the Social Service Unit of the Division of Audit performs a risk assessment and tests transactions for those subrecipients that have been determined to be higher risk. o The Department did not provide documentation to demonstrate that these procedures are performed as a result of a risk evaluation. The Department’s existing policies and procedures do not require nor provide support for the evaluation of each subrecipient’s risk of noncompliance specifically for the purpose of determining the appropriate subrecipient monitoring to be performed. The finding remains as stated. (State Number: 25-1111-02)
(2025-047) Title: Internal control over TANF subrecipient monitoring procedures needs improvement Prior Year Findings: None State Department: Health and Human Services State Bureau: Office for Family Independence Federal Agency: U.S. Department of Health and Human Services Assistance Listing Title: Temporary Assistance for Needy Families (TANF) Assistance Listing Number: 93.558 Federal Award Identification Number: See E-65 to E-66 Compliance Area: Subrecipient monitoring Type of Finding: Significant deficiency Questioned Costs: None Criteria: 2 CFR 200.303; 2 CFR 200.332 The Department must establish, document, and maintain effective internal control over Federal awards that provides reasonable assurance that the Department is managing awards in compliance with Federal statutes, regulations, and the terms and conditions of awards. The Department must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition: The Department is required to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes. Subrecipient monitoring activities include, but are not limited to, review of financial and performance reports submitted by the subrecipient, periodic site visits, ensuring required audits of the subrecipient are completed, and ensuring that corrective action is taken for any deficiencies identified through the aforementioned procedures. These procedures are necessary to ensure the subrecipient is in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. The Office of the State Auditor (OSA) tested 9 contracts issued to Temporary Assistance for Needy Families (TANF) subrecipients and found that documentation could not be provided to support that: • required performance reports were received and that appropriate action was taken in response for 4 contracts; and • required reports were reviewed for 6 contracts. OSA determined that payments made to subrecipients for the aforementioned reporting deficiencies were allowable based upon subsequent reports and other monitoring procedures performed. OSA selected a non-statistical random sample. Context: The Department provided $35.0 million from a total of $104.9 million to TANF subrecipients during fiscal year 2025. Cause: • Lack of adequate policies and procedures • Lack of supervisory oversight Effect: • Noncompliance with Federal regulations • Noncompliance with the Federal statutes, regulations, and the terms and conditions of the subaward by subrecipients may go undetected. • Potential future questioned costs and disallowances Recommendation: We recommend that the Department implement policies and procedures to ensure that all required reports are received from subrecipients and reviewed by program personnel, and that appropriate action is taken to address any deficiencies identified through subrecipient monitoring. Corrective Action Plan: See F-25 Management’s Response: The Department agrees with this finding. The Department will create a process to ensure the documentation of the review of sub-recipient performance reports. Contact: Ian Yaffe, Director, Office for Family Independence, DHHS, 207-592-1481 (State Number: 25-1111-08)
(2025-054) Title: Internal control over CCDF subrecipient risk evaluation procedures needs improvement Prior Year Findings: None State Department: Health and Human Services State Bureau: Office of Child and Family Services Federal Agency: U.S. Department of Health and Human Services Assistance Listing Title: CCDF Cluster Assistance Listing Number: 93.489, 93.575, 93.596 Federal Award Identification Number: See E-65 to E-66 Compliance Area: Subrecipient monitoring Type of Finding: Significant deficiency Questioned Costs: None Criteria: 2 CFR 200.303; 2 CFR 200.332 The Department must establish, document, and maintain effective internal control over Federal awards that provides reasonable assurance that the Department is managing awards in compliance with Federal statutes, regulations, and the terms and conditions of awards. The Department is required to evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in 2 CFR 200.332. Condition: The Child Care and Development Fund (CCDF) program is administered by the Office of Child and Family Services (OCFS) and provides funding to increase the availability, affordability, and quality of childcare services in the State. The CCDF program contracts with subrecipients to administer the First 4 ME Pilot Project, a community-based, coordinated birth through kindergarten entry program which provides comprehensive, high-quality early child care and education to support a child’s school readiness. The Department is required to evaluate each subrecipient’s risk of noncompliance with Federal regulations for the purpose of determining the appropriate level of subrecipient monitoring to be performed. Subrecipient monitoring activities include, but are not limited to, review of financial and performance reports submitted by the subrecipient, periodic site visits, ensuring required audits of the subrecipient are completed, and ensuring that corrective action is taken for any deficiencies identified through the aforementioned procedures. These procedures are necessary to ensure the subrecipient is in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. The Department provided evidence to support that subrecipient monitoring procedures were performed; however, documentation that risk evaluation procedures performed corresponded to the appropriate level of monitoring activities could not be provided. Context: The Department provided $2.8 million from a total of $45.1 million to CCDF subrecipients during fiscal year 2025. Cause: • Lack of policies and procedures • Lack of supervisory oversight Effect: • Noncompliance with Federal regulations • Subrecipients that are deemed higher risk may not be monitored on a more frequent basis. Conversely, subrecipients that are deemed lower risk may not be monitored on a less frequent basis, which would free resources and time to dedicate towards other higher risk subrecipients. Recommendation: We recommend that the Department implement policies and procedures that require evaluation of each subrecipient’s risk of noncompliance specifically for the purposes of determining the appropriate subrecipient monitoring to be performed. This will ensure that subrecipients are monitored appropriately based on risk designation. Corrective Action Plan: See F-27 Management’s Response: The Department disagrees with this finding. The Department evaluates risk on its subrecipients for the purposes of determining the appropriate subrecipient monitoring in multiple ways. The first assessment of risk is when a subaward is competitively bid. The second assessment of risk is built into the Maine Uniform Accounting and Auditing Practices for Community Agencies (MAAP) in which higher risk subrecipients undergo a higher level of testing by Independent Public Accountants. Finally, the Social Service Unit of the Division of Audit performs a risk assessment and tests transactions for those subrecipients that have been determined to be higher risk. Contact: John Feeney, Chief Operating Officer, OCFS, DHHS, 207-626-8614 Auditor’s Concluding Remarks: 2 CFR 200.332(b) states that the Department must evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. The Department has indicated in Management’s Response that the criteria set forth in 2 CFR 200.332(b) have been met; however, the following rebuttals illustrate that the Department is not in compliance with Federal requirements: • The Department identifies the first assessment of risk: when a subaward is competitively bid. o While the Office of the State Auditor acknowledges this does occur, not all subawards are competitively bid. o The level of subrecipient monitoring that the Department performs is based on the services provided, not on specific subrecipients, as required. • The Department identifies the second assessment of risk: built into MAAP in which higher risk subrecipients undergo a higher level of testing by independent public accountants. o A subrecipient deemed higher risk as the result of a risk evaluation in accordance with 2 CFR 200.332 may not be deemed higher risk in accordance with MAAP standards. • The Department identifies the third assessment of risk: the Social Service Unit of the Division of Audit performs a risk assessment and tests transactions for those subrecipients that have been determined to be higher risk. o The Department did not provide documentation to demonstrate that these procedures are performed as a result of a risk evaluation. The Department’s existing policies and procedures do not require nor provide support for the evaluation of each subrecipient’s risk of noncompliance specifically for the purpose of determining the appropriate subrecipient monitoring to be performed. The finding remains as stated. (State Number: 25-1114-05)
(2025-071) Title: Internal control over DG – PA program subrecipient audit procedures needs improvement Prior Year Findings: None State Department: Defense, Veterans and Emergency Management State Bureau: Maine Emergency Management Agency Federal Agency: U.S. Department of Homeland Security Assistance Listing Title: Disaster Grants – Public Assistance (Presidentially Declared Disasters) (COVID-19) Assistance Listing Number: 97.036 Federal Award Identification Number: See E-65 to E-66 Compliance Area: Subrecipient monitoring Type of Finding: Significant deficiency Questioned Costs: None Criteria: 2 CFR 200.303; 2 CFR 200.332; 2 CFR 200.521 The Department must establish, document, and maintain effective internal control over Federal awards that provides reasonable assurance that the Department is managing awards in compliance with Federal statutes, regulations, and the terms and conditions of awards. The Department must follow up and ensure that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. The Department must issue a management decision for audit findings that relate to Federal awards provided to the subrecipient within 6 months of acceptance of the audit report by the Federal Audit Clearinghouse (FAC). Condition: The Maine Emergency Management Agency (MEMA) administers the Disaster Grants – Public Assistance (DG – PA) program for the State. MEMA is required to verify and document that Single Audits have been completed in the FAC and issue a management decision for audit findings related to awards to subrecipients. The Office of the State Auditor (OSA) tested 4 DG – PA program subrecipients subject to Single Audit requirements and found that documentation of review for 2 subrecipients could not be provided. OSA selected a non-statistical random sample. Context: In fiscal year 2025, the Department expended $160.5 million in DG – PA program funds, of which $154.6 million was provided to 27 subrecipients. Cause: • Lack of supervisory oversight • Lack of adequate policies and procedures Effect: • Noncompliance with Federal regulations • Subrecipients not complying with Federal statutes, regulations, or the terms and conditions of subawards may not be implementing appropriate corrective action in response to audit findings. Recommendation: We recommend that the Department enhance policies and procedures to ensure that adequate documentation is maintained and that subrecipient audits are received, reviewed, and appropriate action is taken in response to audit findings. Corrective Action Plan: See F-34 Management’s Response: The Department agrees with this finding. The Department will publish and implement an updated subrecipient monitoring procedure to require more extensive and narrative documentation of the single audit review process, including: - a list of subrecipients required to file a single audit report for a given audit year - whether or not an audit had been filed as of the review date - analysis of audit findings as relevant - summary of required actions per the subrecipient monitoring procedure, and/or updates on actions/communications since the prior review period as relevant Contact: Sunny Cyr, MEMA Business Office Director, DVEM, 207-707-2507 (State Number: 25-1502-05)
2025-002 – Subrecipient Monitoring – Internal Control and Compliance over Subrecipient Monitoring (Material Weakness) Identification of the Federal Program: Assistance Listing Number: 21.027 Assistance Listing Title: Coronavirus State and Local Fiscal Recovery Funds Federal Agency: Department of Treasury Pass-Through Entity: N/A Federal Award Number and Award Year: N/A Criteria or Specific Requirement (Including Statutory, Regulatory, or Other Citation): C.F.R. § 200.332 prescribes that the pass-through entity must conduct monitoring activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Passthrough entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. 4. The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. The City’s Subrecipient Monitoring Policy and Procedures, effective April 17, 2024, requires departments to monitor subrecipients to ensure compliance with Uniform Guidance. The policy requires that prior to award, the department shall evaluate the subrecipient’s risk of noncompliance with the Uniform Guidance, and the terms and conditions of the subaward, which risk assessment shall be documented, 2 CFR § 200.332(b). The policy also states that the City shall monitor subrecipients on a quarterly basis (90 days) throughout the term of the agreement (department should establish a regular monitoring schedule and document all monitoring), to ensure all subrecipients comply with the Uniform Guidance, that the subaward is used for authorized purposes, and that the subaward performance goals are achieved, as follows 2 CFR § 200.332(d): Reviewing subrecipient’s financial and performance reports. Ensuring subrecipients provide timely reports and information, as required by the federal awards. Following up and ensuring the subrecipient takes timely and appropriate action on all deficiencies as detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings. Issuing a management decision on Audit Findings, as required by 2 CFR § 200.521 (Management Decision). Condition: During the review of subrecipient monitoring records, we tested all two (2) existing subrecipients during the fiscal year ended June 30, 2025, and noted the following: The fully executed subrecipient agreements were not provided. One subrecipient agreement was executed via internal resolution and email approval; another subrecipient’s agreement does not have sufficient identification and award details, omitting key funding terminology. The documentation of the review of Financial and Performance Reports, the Pre-Award Risk Assessments, or the performance of the required subrecipient monitoring procedures were not provided. Cause: These conditions resulted from staffing capacity constraints, which led to subrecipient monitoring procedures not being performed consistently since the implementation of the City’s new Monitoring Policy on April 17, 2024. Additionally, formal documentation processes were not fully established, resulting in informal approvals and incomplete documentation of Pre-Award Risk Assessments. Effect or Potential Effect: The City’s insufficient monitoring of the necessary subrecipient activities resulted to internal control and compliance requirement finding. Questioned Costs: None. Context: See condition above for context of the finding. Identification as a Repeat Finding, If Applicable: Yes. See prior year finding 2024-003. Recommendation: We recommended the City to fully implement its Monitoring Policy by formalizing subrecipient agreements, strengthening internal controls, and establishing consistent processes for documenting Pre-Award Risk Assessments and Financial and Performance Reports. Views of Responsible Officials: Management concurs.
2025-002 – Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D”) Sponsoring Agency: Various – All R&D awards with subrecipients from 1 campus Award Name: Various - All R&D awards with subrecipients from 1 campus Award Number: Various Assistance Listing Title: Various – All R&D awards with subrecipients from 1 campus Assistance Listing Number: Various - All R&D awards with subrecipients from 1 campus Award Year: 2024-2025 Pass-through entity: All pass-through awards for 1 campuses with subrecipients Criteria 2 CFR 200.332(e) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(g) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Condition Through testing of subrecipient monitoring activities across four campuses, we identified that one campus does not have a documented process to determine whether subrecipients obtained a Uniform Guidance audit, as required, nor a process to follow up on audit findings or issue management decisions when applicable, in accordance with 2 CFR 200.233(e) and (g). While the campus performs a detailed pre-award risk assessment prior to executing subaward agreements — which includes review of available Uniform Guidance audit reports — ongoing monitoring procedures do not consistently include a review of the most recent Uniform Guidance audit report during the period of performance. Subaward agreements at this campus are generally limited to one year; however, when agreements are continued without a formal renewal or monetary amendment, a subsequent risk assessment is not required. As a result, updated Uniform Guidance audit reports are not consistently obtained or reviewed to determine whether (1) the subrecipient met audit requirements, (2) findings exist that impact the federal program, and (3) a management decision is required. Specifically, of 25 subawards tested at this campus, 9 did not have evidence that the most recent Uniform Guidance audit report was obtained and reviewed during the award period. In instances where audit reports were reviewed, documentation indicates the review was performed for risk assessment purposes rather than to satisfy the ongoing monitoring and management decision requirements under 2 CFR 200.232(e) and (g). Cause The campus’ monitoring procedures rely on subrecipients to communicate applicable audit findings rather than requiring the campus to independently obtain and review the most recent Uniform Guidance audit reports on an annual basis. Although review of Uniform Guidance reports is incorporated into the prescribed subrecipient risk assessment process, the risk assessment is not consistently required throughout the period of performance. As a result, procedures do not ensure that updated audit reports are obtained, evaluated, and documented in accordance with the requirements of 2 CFR 200.233(e) and (g). Effect As a result of not performing and documenting an annual review of subrecipients’ Uniform Guidance audit reports, the campus may not identify audit findings that impact its federal programs or ensure that appropriate follow-up and management decisions are issued within the required timeframe. This increases the risk of noncompliance with 2 CFR 200.233(e) and (g) and may result in unaddressed deficiencies or questioned costs related to federal awards. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the campus revise its subrecipient monitoring policies and procedures to require the timely review of subrecipients’ Uniform Guidance audit reports throughout the period of performance. Procedures should ensure that audit reports are reviewed at least annually to (1) determine whether the subrecipient met audit requirements, (2) identify findings that impact the campus’ federal programs, and (3) document follow-up actions and issuance of management decisions, as required by 2 CFR 200.233(e) and (g). Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings.
2025-004 – Subrecipient Monitoring: Lack of Supporting Documentation for Subrecipient Monitoring Activities Cluster: Not applicable Sponsoring Agency: United States Agency for International Development (USAID) Award Name: USAID Foreign Assistance for Programs Overseas Award Number: 7200AA19CA00018, 7200AA21LE00003 Assistance Listing Title: USAID Foreign Assistance for Programs Overseas Assistance Listing Number: ALN 98.001 Award Year: 2024-2025 Pass-through entity: Not applicable Compliance Requirement: Subrecipient Monitoring Criteria or Specific Requirement Under 2 CFR 200.332, pass-through entities are required to monitor subrecipients to ensure federal funds are used for authorized purposes, comply with award terms, and meet performance objectives. Required monitoring activities include reviewing financial and performance reports, ensuring corrective actions are taken, resolving audit findings, and issuing management decisions when applicable. Pass-through entities must also verify that subrecipients obtain audits in accordance with 2 CFR Part 200, Subpart F. Identified Condition For subrecipient monitoring testwork across two campuses, one campus was unable to provide evidence of subrecipient monitoring activities for the sample of nine (9) subrecipients selected for testwork. Specifically, formal supporting documentation of monitoring procedures conducted by the campus, such as reviews of subrecipient annual work plans, activity reports, performance indicator reporting, progress reports, technical reports, expenditure reports, and site visit reviews, were not available. Cause The grant awards for this program were terminated by the federal agency during February 2025. Following program termination, key program personnel separated from the campus, including the program investigators responsible for subrecipient monitoring activities. The campus did not have a formal document maintenance system in place to ensure the program investigators’ records were properly maintained by the campus. Consequently, supporting documentation related to subrecipient monitoring activities could not be located. Effect Lack of supporting documentation for subrecipient monitoring activities prevents the campus from demonstrating compliance with subrecipient monitoring requirements under the program. As a result, this increases the risk of deficiencies in subrecipient performance and/or the potential for unallowable expenditures. Questioned Costs None. Recommendation We recommend that the campus strengthen its record retention policies and access controls to ensure continuity and accessibility of supporting documentation and records in the event of employee turnover. Additionally, we also recommend that a formal process is established to ensure all required records and documentation are properly maintained when key personnel (program investigators and others) separate from the campus. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings.
2025-003: Accurate and Complete Schedule of Expenditures of Federal Awards (SEFA) Criteria or specific requirement: The Alliance must prepare a SEFA that is accurate and complete in accordance with 2 CFR 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Condition and context: The Alliance did not prepare a SEFA that was accurate and complete in accordance with the Uniform Guidance, as the unadjusted totals for federal expenditures were not accurate and did not agree to underlying support. In addition, an immaterial amount of allowable expenses were included on the 2025 SEFA, that should have been included on the 2024 SEFA. Cause: The cause is due to limited internal controls related to the preparation and review of the SEFA. Effect or potential effect: Without adequate controls over this process, the Alliance may not identify all federal awards received and related compliance and reporting requirements applicable to each award. Questioned costs: None. Identification as a repeat finding, if applicable: This is a repeat finding. Recommendation: The Alliance must assign individuals who are experienced and knowledgeable in the compliance requirements of the Uniform Guidance to monitor all federal grants received to ensure that the Alliance has met the applicable compliance and reporting requirements of each federal award. Views of responsible officials: Refer to the Corrective Action Plan prepared by the Alliance in regard to this matter. 2025-004: Subrecipient Monitoring Identification of the federal program: Continuum of Care Program (AL # 14.267) Criteria or specific requirement: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) Part 200.332, the Alliance must perform specific monitoring over subrecipients. The Alliance as the pass-through entity (PTE) is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved.
Subrecipient Monitoring Program Name: Crime Victim Assistance (Assistance Listing 16.575) Federal Award Agency: Department of Justice Award Years: Federal Fiscal Years 2021, 2022, and 2023 Federal Award Numbers: 15POVC-21-GG-00615-ASSI, 15POVC-22-GG-00715-ASSI, and 15 POVC-23-GG-00433-ASSI Background The Crime Victim Assistance program provides financial support and various services and resources to crime victims, including crisis counseling, criminal justice support and advocacy, shelter, and therapy. The Judicial Branch provides grants to subrecipients to provide these services. Title 28 U.S Code of Federal Regulations (CFR) Part 94.118 provides that subrecipients shall contribute not less than 20% of the total cost of each project. Subrecipients shall derive these contributions from non-federal sources. Each subrecipient shall maintain records that clearly show the source and amount of the matching contributions.Criteria Title 2 CFR Part 200.303 requires the non-federal entity to establish and maintain effective internal control over federal awards that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Title 2 CFR Part 200.332(e) provides that the pass-through entity shall monitor subrecipient activities as necessary to ensure that they comply with federal statutes, regulations, and the terms and conditions of the subaward. Title 28 CFR Part 94.106 provides that the state administering agency shall conduct regular desk monitoring of all subrecipients as well as on-site monitoring of all subrecipients at least once every two years during the award period. The state shall maintain a copy of site visit results and other documents related to compliance. Title 2 CFR Part 200.306(b) provides that the pass-through entity must accept any cost sharing funds as part of the subrecipient’s contributions to a program when the funds are verifiable in the subrecipient’s records. Condition The Judicial Branch did not perform regular subrecipient desk reviews or site visits at least once every two years during the award period as required by federal regulations. The branch does not complete reviews until the award period ends. As a result, it did not promptly examine subrecipients’ underlying documentation such as invoices, timesheets, or support for expenditures or matching contributions. The branch’s monitoring process was limited to monthly reviews of budget-to-actual summaries. Context During the fiscal year ended June 30, 2025, the branch made $8,759,482 in reimbursements to 40 subrecipients.Questioned Costs $0Effect The Judicial Branch has limited assurance that subrecipients used federal funds for allowable activities and met the mandatory matching requirements. This could potentially lead to future disallowed costs and federal repayment obligations.Cause Due to a lack of adequate staffing, the Judicial Branch prioritized reviewing supporting documentation for prior award periods rather than the current period. Prior Audit Finding We have not previously reported this finding.Recommendation The Judicial Branch should strengthen internal controls to ensure it complies with federal subrecipient monitoring requirements for the Crime Victim Assistance program. Views of Responsible Officials “The Judicial Branch Office of Victim Services (OVS) agrees to strengthen its internal controls as described below to comply with federal subrecipient monitoring requirements for the Victims of Crime Act Assistance (VOCA) Program. In 2025, OVS performed site visits for four VOCA-funded programs and completed financial-desk reviews of monthly or quarterly financial reports for all programs. That year, OVS experienced personnel turnover in its three-employee Fiscal Services Unit, notably the separation from state service of a Program Manager and a Court Planner, who together performed OVS’ programmatic site visits of VOCA-funded programs. Also, there was a significant increase in workload resulting from OVS’ contributions to the 2024-2025 VOCA request-for-proposal process. In response, staff outside the unit contributed while managing other assigned duties, a Program Manager and Grants and Contract Specialist were hired to restore the unit to its three-employee configuration, the new employees received training on subrecipient monitoring policies and procedures, and a revised subrecipient site visit plan was developed and has begun being implemented. To strengthen internal controls, OVS has developed a revised site visit plan for the remaining VOCA-funded programs scheduled to receive site visits in 2025. April 15, 2026, is the anticipated date for OVS to complete the site visits. OVS has completed sending letters to the subrecipients operating the VOCA-funded programs. The letters request supporting documentation, which is programmatic and financial in nature, in accordance with OVS administrative policy and procedure. Also, the letters inform subrecipients that site visits will commence in accordance with a revised site visit plan.”
Subrecipient Monitoring Program Name: Temporary Assistance for Needy Families (TANF) (Assistance Listing 93.558) Federal Award Agency: United States Department of Health and Human Services Award Years: Federal Fiscal Years 2024 and 2025 Federal Award Numbers: 2401CTTANF and 2501CTTANF Background The Department of Social Services (DSS) is the designated single state agency to administer Temporary Assistance for Needy Families (TANF) in accordance with Title 45 U.S. Code of Federal Regulations (CFR) Part 205.100. Connecticut administers certain aspects of TANF through several state agencies including the Department of Children and Families (DCF). DSS and DCF have a memorandum of understanding (MOU) which specifies each agency's responsibilities for administering programs in the TANF State Plan. DSS claims the state's use of federal TANF funds for home and community-based services provided to DCF's TANF-eligible clients. DCF enters into agreements with these subrecipients and pays them quarterly advances. DCF makes payments to Youth Service Bureaus claimed under the TANF program. Criteria Title 2 CFR Part 200.332(g) requires the pass-through entity to verify that subrecipients met their audit requirements for the fiscal year. Condition Our review of subrecipient monitoring over ten subrecipients that received $6,672,958 in TANF funds disclosed that DCF did not complete four annual fiscal reviews to ensure that subrecipients met their audit requirements for the fiscal year. Two of the ten subrecipients and two of the four exceptions were Youth Service Bureaus. Further review disclosed that DCF lacked procedures to perform annual reviews for Youth Service Bureau subrecipients. Context During the fiscal year ended June 30, 2025, DSS claimed $52,557,463 in DCF expenditures for various home and community-based services provided to 132 subrecipients, including $3,785,630 in expenditures for 102 Youth Service Bureau subrecipients. The sample was not statistically valid. Questioned Costs $0 Effect DSS and DCF have limited assurance that federal funds were used for allowable activities. Cause DCF experienced staffing limitations and competing priorities. DCF lacked management oversight over Youth Service Bureau subrecipients. Prior Audit Finding We previously reported this as finding 2024-024 and in two prior audits. Recommendation The Department of Children and Families should develop procedures to monitor payments to Youth Service Bureaus and strengthen internal controls to ensure compliance with the federal regulations for monitoring subrecipients of the Temporary Assistance for Needy Families program. As the lead agency for TANF, the Department of Social Services should strengthen procedures to ensure that supporting state agencies fulfill their responsibilities in their memorandum of understanding and comply with all federal TANF requirements. Views of Responsible Officials Response provided by the Department of Children and Families: “DCF agrees with this finding and will improve its internal review process to include Youth Services Bureaus and capture all subrecipients' federal single audits.” Response provided by the Department of Social Services: “The Department agrees with this finding. As the lead agency for TANF, DSS will strengthen procedures by requiring DCF to complete and share activities that verify subrecipients meet their audit requirements each fiscal year. DSS worked with an outside agency to review and enhance its subrecipient monitoring procedures. The outcome of this collaboration included training for DSS staff on subrecipient monitoring requirements, communicating expectations to subrecipients about monitoring expectations, a standardized data request, and the creation of a subrecipient monitoring toolkit to be utilized by DSS and its partners.”
Subrecipient Monitoring Program Name: Low-Income Home Energy Assistance Program (LIHEAP) (Assistance Listing 93.568) Federal Award Agency: United States Department of Health and Human Services Award Years: Federal Fiscal Years 2023, 2024, and 2025 Federal Award Numbers: 2301CTLIEA, 2301CTLIEE, 2401CTLIEA, 2401CTLIEI, 2501CTLIEA, and 2501CTLIEI Criteria Title 2 U.S. Code of Federal Regulations (CFR) Part 200.332 provides that the pass-through entity shall monitor subrecipient activities as necessary to ensure that they comply with federal statutes, regulations, and the subaward’s terms and conditions and ensure that they achieve performance goals and objectives. This includes a review of a pass-through entity’s required financial and performance reports. Condition Our review of subrecipient monitoring over nine Low-Income Home Energy Assistance Program (LIHEAP) subrecipients disclosed that the Department of Social Services (DSS) did not conduct annual fiscal reviews for one subrecipient. Context During the fiscal year ended June 30, 2025, DSS provided nine subrecipients with $75,417,156 of LIHEAP funds to administer the program. Questioned Costs $0 Effect DSS has limited assurance that federal funds were used for allowable activities. Cause Low staffing levels hindered the department. DSS lacks proper subrecipient monitoring procedures. Prior Audit Finding We previously reported this as finding 2024-022 and in one prior audit. Recommendation The Department of Social Services should strengthen internal controls to ensure it complies with federal subrecipient monitoring requirements for the Low-Income Home Energy Assistance Program. Views of Responsible Officials “The Department agrees with this finding and is in the process of hiring an additional staff member to assist with subrecipient monitoring. The LIHEAP unit is developing collaboration and cross-training by incorporating program liaisons to monitor portions of the financial requirements which coincide with program fuel slip monitoring reviews. The Department is creating a financial review tool to ensure consistency in the review of data to document in the financial report output.”
Subrecipient Monitoring Program Name: HIV Care Formula Grants (Ryan White HIV/AIDS Program Part B) (Assistance Listing 93.917) Federal Award Agency: United States Department of Health and Human Services Award Year: Federal Fiscal Year 2024 Federal Award Numbers: 5 X07HA00022-33-00 and 6 X07HA00022-34-01 Criteria Title 2 U.S. Code of Federal Regulations (CFR) Part 200.332(e) provides that the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subrecipient used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward and ensure that they achieve performance goals. This includes reviewing financial and performance reports required by the pass-through entity. The Ryan White HIV/AIDS Program Part B Manual requires an annual on-site financial review of all subrecipients to ensure compliance with federal and state requirements and the terms and conditions of the department’s contract. Condition Our review of the Department of Public Health (DPH) monitoring procedures for six not-for-profit and one for-profit subrecipients disclosed that the department did not conduct annual on-site financial review visits for any of the six not-for-profit subrecipients. Context During the fiscal year ended June 30, 2024, DPH provided $4,262,325 to six not-for-profit subrecipients and $21,633,283 to a for-profit subrecipient for AIDS health care and support services. We selected all seven fiscal year 2024 subrecipients for review as DPH had not completed the monitoring site visits for fiscal year 2025 funds. During the fiscal year 2025, the department provided $13,216,793 to subrecipients. Questioned Costs $0 Effect DPH had reduced assurance that its subrecipients used federal funds for allowable activities. Cause The department did not complete the financial reviews for fiscal year 2024 because staff lacked proper training, which was necessary due to new federal compliance requirements and DPH’s recent implementation of new audit software. Prior Audit Finding We previously reported this as finding 2024-201 and in one prior audit. Recommendation The Department of Public Health should strengthen internal controls to ensure compliance with federal requirements for monitoring subrecipients of the Ryan White HIV/AIDS Program Part B. Views of Responsible Officials “We agree with this finding. With the implementation of the new auditing software, Management Assurance will create a comprehensive, trackable financial review program and will ensure the reviews are completed in accordance with Federal guidance. We anticipate having the software fully implemented and the financial review program operational by March 01, 2026; the financial reviewer will be trained on the software and the program requirements no later than May 01, 2026. The financial reviews will begin as soon as possible after the reviewer completes their training; we intend to have a completed financial review for all Ryan White regional leads by year-end 2026.”
Assistance Listing, Federal Agency, and Program Name - 93.855, 47.076 and 47.074 Federal Award Identification Number and Year - Research and Development Awards Pass through Entity - N/A Finding Type - Material weakness and material noncompliance with laws and regulations Repeat Finding - No Criteria - Per 2 CFR 200.332 (b) through (h), pass through entities must maintain documentation regarding initial and ongoing monitoring activities of the subrecipient to ensure that the subaward is used for authorized purposes and that performance goals are achieved. Condition - The University could not provide evidence of conducting a formal risk assessment of subrecipients, nor was there documentation showing that the subrecipient’s SAM.gov registration was reviewed or it's most recent Single Audit report. Additionally, the University did not document ongoing monitoring procedures or retain records. The University relied on information self reported by the subrecipient without independently validating or documenting the required monitoring steps. Questioned Costs - $191,442 Identification of How Questioned Costs Were Computed - Questioned costs reflect the amount of costs passed through to subrecipients under the grant in 2025 Context - The University did not follow its written policy in place over subrecipient monitoring. Cause and Effect - Failure to comply with the University's written subrecipient policy, can result in questioned costs. Recommendation - The University should ensure controls are in place to comply with the subrecipient monitoring policy on an ongoing basis. Views of Responsible Officials and Planned Corrective Actions - At the subrecipient proposal development stage, the University currently requires subrecipients to certify in writing that they are not excluded or disqualified from receiving Federal Funds, their audit status, and other compliance matters (in a Subrecipient Commitment Form or “SCF”). The University reviews such SCF, including independently obtaining and reviewing the most recent Single Audit report. If matters are noted, University staff performs additional reviews and follow up. The University will implement formal documentation requirements of such risk assessment procedures and debarment reviews for subrecipients will be added at the time a purchase requisition is initiated. Additionally, the University will add procedures to ensure that such risk assessments are reassessed annually.
Finding Reference 2025-04 Assistance Listing Number Transit Services Programs Cluster 20.513Enhanced Mobility of Seniors and Individuals with Disabilities 20.516Job Access and Reverse Commute Program 20.521 New Freedom Program Name of Federal Agency Department of Transportation Compliance Requirement Subrecipient Monitoring Type of Finding Significant Deficiency on Internal Control and Noncompliance Condition From a sample of nine (9) subrecipients, the auditors identified that for one (1) subrecipient, the Authority, did not perform subrecipient monitoring within the required three (3)-year cycle established in its State Management Plan, as of the audit period ended June 30, 2025. Although monitoring activities were scheduled for a subsequent period (2026), such actions occurred after the audit period and do not address the absence of compliance as of June 30, 2025. Criteria 2 CFR 200.332(d) requires pass-through entities to monitor the activities of subrecipients to ensure compliance with Federal statutes, regulations, and the terms and conditions of the subaward. 2 CFR 200.303 requires non-federal entities to establish and maintain effective internal control over Federal awards. FTA Circular 5010.1E (Chapter 5) states that federal oversight activities (e.g., inspections or reviews) do not relieve the recipient of its responsibility to manage and oversee federally funded projects. The Authority’s State Management Plan establishes a risk-based monitoring approach, including a three (3)- year monitoring cycle for subrecipients. Cause The Authority did not ensure that subrecipient monitoring procedures were performed and documented within the required three-year cycle for all subrecipients. Additionally, management relied on the FTA Triennial Review process as evidence of monitoring, which reflects a misinterpretation of federal requirements regarding the Authority’s responsibilities as a pass-through entity. Effect The failure to perform and document subrecipient monitoring within the established cycle increases the risk that noncompliance with federal requirements by subrecipients may not be identified in a timely manner. In addition, federal funds may not be used in accordance with applicable laws, regulations, and grant requirements. The Authority may be exposed to questioned costs, repayment obligations, or increased federal oversight. Questioned Costs None. Recommendation We recommend that the Authority: Ensure that subrecipient monitoring is performed and documented in accordance with its State Management Plan and within the established three-year cycle. Reinforce internal controls and training to clarify that federal reviews (e.g., FTA Triennial Review) do not replace the Authority’s monitoring responsibilities under 2 CFR 200. Views of Responsible Officials Refer to Management’s unaudited corrective action plan.
Reference Number: 2025-002 Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds Federal Assistance Listing Number: 21.027 Federal Agency: U.S. Department of Treasury Pass-Through Entity: N/A Federal Award Number and Year: Fiscal Year 2024-25 Name of Department with Finding: Department of Consumer and Business Affairs Name of Departments with No Findings: Chief Executive Office Aging and Disabilities Executive Office of the Board of Supervisors Department of Public Health Department of Economic Opportunity Internal Services Justice Care and Opportunities Category of Finding: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance; Instance of Noncompliance Criteria In accordance with Title 2 U.S. Code of Federal Regulations (CFR) § 200.332(c)(e)(f), all pass-through entities must: (c) Evaluate each subrecipient's fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraph (f) of this section. When evaluating a subrecipient's risk, a pass-through entity should consider the following: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits. This includes considering whether or not the subrecipient receives a Single Audit in accordance with subpart F and the extent to which the same or similar subawards have been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of any Federal agency monitoring (for example, if the subrecipient also receives Federal awards directly from the Federal agency). (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: (1) Review financial and performance reports. (2) Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the pass-through entity with information on their plan for corrective action and any assistance needed to resolve the situation. (3) Issue a management decision for audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) Resolve audit findings specifically related to the subaward. However, the pass-through entity is not responsible for resolving cross-cutting audit findings that apply to the subaward and other Federal awards or subawards. If a subrecipient has a current Single Audit report and has not been excluded from receiving Federal funding (meaning, has not been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant agency for audit or oversight agency for audit to perform audit follow-up and make management decisions related to cross-cutting audit findings in accordance with § 200.513(a)(4)(viii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Depending upon the pass-through entity's assessment of the risk posed by the subrecipient (as described in paragraph (c) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; (2) Performing site visits to review the subrecipient's program operations; and (3) Arranging for agreed-upon-procedures engagements as described in § 200.425. Condition During our audit of the Coronavirus State and Local Fiscal Recovery Funds (CSLFRF) program, we selected twenty one (21) subrecipients with active contracts with the County during FY 2024-25. We noted that the Department of Consumer and Business Affairs (DCBA) did not perform subrecipient monitoring for four (4) contracts administered by the department, of which one (1) contract did not have a risk assessment performed during FY 2024-25. In addition, we selected two (2) subrecipients with total expenditures of $19,217,030 that were subjected to subrecipient monitoring compliance requirements; however, it was determined that the selected subrecipients were vendors and inadvertently included in the subrecipient population. In the SEFA, the passed through to subrecipients column for this grant was reduced by $19,217,030 to reflect this correction. This is a repeat finding of 2024-002 as it relates to the subrecipient monitoring portion of the Condition. Cause Due to limited resources, the department needed more time to complete risk assessment, monitor the CSLFRF subrecipients and document the reviews in accordance with subrecipient monitoring requirements. Effect Failure to document risk assessment and monitoring results is noncompliance with the subrecipient monitoring requirements 2 CFR § 200.332 (c)(e)(f). Questioned Costs Questioned costs were not determinable. Context Of the twenty one (21) subrecipients selected for testing, which totaled $192,086,158, from a population of ninety-seven (97) subrecipients with expenditures totaling $282,469,393, the department did not perform an annual risk assessment for one (1) subrecipient and they did not have documentary evidence supporting the monitoring of four (4) subrecipients with expenditures totaling $5,917,341. However, the department retained copies of the subrecipients’ single audit reports. The misclassification of vendors was corrected by removing them from the subrecipient expenditures, which decreased subrecipient expenditures from $301,686,423 to $282,469,393. DCBA had 7 subrecipients with total expenditures of $99,128,273 out of the total of 97 subrecipients with total expenditures of $282,469,393. The sample was not a statistically valid sample. Recommendation We recommend the County perform risk assessments and monitor the activities of its subrecipients as necessary to ensure that subawards are used for authorized purposes and maintain appropriate records for monitoring subrecipients in accordance with subrecipient monitoring requirements set forth in 2 CFR § 200.332 (c)(e)(f).
Federal Agency: U.S. Department of Housing and Urban Development Federal Program Name: Section 811 - Project Rental Assistance Program Assistance Listing Number: 14.326 Federal Award Identification Number and Year: IL06RDD1201 - 2012; IL06RDD1301 - 2013; IL06RDD1901 - 2019 Pass-Through Agency: State of Illinois Pass-Through Number: IL902 Award Period: July 1, 2024 to June 30, 2025 Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2025-001 Failure to Adequately Monitor Subrecipients CONDITION The Illinois Housing Development Authority (Authority) did not follow its established policies and procedures for monitoring subrecipients of the Section 811 Project Rental Assistance (Section 811) program. The Authority has implemented procedures whereby program staff perform property inspections over subrecipient compliance with regulations applicable to the Section 811 program. The Authority’s policies require the subrecipient to have an inspection every three years. During our testing of the monitoring of subrecipients, we noted one of eight (13%) subrecipients (with expenditures of $319,404 during the year ended June 30, 2025) had not received an inspection within the required three-year period in accordance with Authority policy. The most recent inspection for this subrecipient was conducted in fiscal year 2019. This sample was not intended to be, and was not, a statistically valid sample. CRITERIA OR SPECIFIC REQUIREMENT According to 2 CFR 200.332(e), a pass-through entity is required to monitor the activities of subrecipients as necessary to ensure that federal awards are used for authorized purposes in compliance with laws, regulations, and the provisions of contracts or grant agreements and that performance goals are achieved. In addition, 2 CFR 200.303 requires non-Federal entities receiving Federal awards to establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include ensuring inspections are performed in a timely manner. CAUSE Authority management indicated there are three underlying causes for this audit finding: 1) Increased volume in required inspections - the annual volume of required inspections in fiscal year 2025 was 56% higher than the annual required inspections in fiscal year 2020 while staffing remained constant. 2) COVID-19 Waivers - In 2020, the Internal Revenue Service issued COVID-19 waivers that eliminated physical inspection requirements and allowed a calendar “reset” for Low Income Housing Tax Credit transactions until 2023. The result of the increased volume and calendar “reset” created a significant backlog of physical inspections due. 3) Inadequate controls – lack of quality control procedures to ensure the inspection reports were completed and filed appropriately. EFFECT Failure to adequately perform inspections of subrecipients may result in subrecipients not properly administering the Federal programs in accordance with laws, regulations, and the grant agreement. (Finding Code No. 2025-001) RECOMMENDATION We recommend the Authority improve its internal controls to ensure inspections are completed in accordance with established policies and procedures. AUTHORITY RESPONSE The Authority agrees with the finding. The Authority will implement additional internal controls, including quality control of completed inspection, documentation, and inspection scheduling. Additionally, the Authority recognizes that the volume of required annual inspections has increased beyond existing Full Time Equivalent (FTE) capacity; therefore, an RFP for the third-party inspection vendor has been issued to supplement internal resources and support timely completion of inspections.
Questioned Cost $ – Finding No. 2025-008: Subrecipient Monitoring (Material Weakness) State Agency: Office of Planning and Sustainable Development Federal Agency: Department of Commerce AL Number and Title: 11.419 – Coastal Zone Management Administration Awards Award Number and Award Year: NA22NOS4190022 2022 NA22NOS4190065 2022 NA23NOS4190139 2023 NA24NOSX419C0023 2024 Repeat Finding? No Condition During our audit, we tested a non-statistical sample of two subawards and found that the State did not communicate the following award information required under 2 CFR 200.332: Subrecipient’s unique entity identifier; Federal Award Date; Subaward Period of Performance Start and End Date; Subaward Budget Period Start and End Date; Assistance Listing title and number; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listing Number at the time of disbursement; Identification of whether the Federal award is for research and development; and Indirect cost rate for the Federal award (including if the de minimis rate is used in accordance with 200.414). Criteria 2 CFR Section 200.332(a) requires the State to clearly identify certain information to subrecipients at the time of the subaward, including the information specified above. Effect By not including the required information in the subaward, the State may not be providing the appropriate level of monitoring over its subrecipients. Cause and View of Responsible Officials Program personnel incorrectly classified subawards as vendor contracts. Recommendation We recommend that the management strengthen internal controls over subaward identification and monitoring subrecipients to ensure subrecipient monitoring requirements are met.
2025-004 SUBRECIPIENT MONITORING – WOIA (REPEATED) Funding agency: U.S. Department of Labor Title: Workforce Investment Act Cluster ALN Number: 17.258, 17.259, 17.278 Type of Finding: Significant Deficiency in Internal Control over Compliance; Other Non-compliance Compliance Area: Subrecipient Monitoring Award Year: Program Year 2023-2024 Question Costs: None Condition During prior year audit testing, we noted that the Department had been behind on performing monitoring controls such as quarterly desk reviews, annual on-site evaluations, and remote reviewing and testing of cost documentation. The Department had not completed fiscal or programmatic monitoring relating to Program Year 2023-2024 activity for any of its subrecipients. Due to staffing vacancies at the beginning of the fiscal year, as of January 2024, the Department had fallen approximately 2 years behind. By the beginning of fiscal year 2025, they had just completed Program Year 2022-2023 monitoring, and were thus out of compliance for a portion of the current year under audit. During the fiscal year, the Department made significant progress towards corrective action in compliance and controls over compliance for Subrecipient Monitoring over the WIOA program. Fiscal and programmatic monitoring for Program Year 2024 was substantially complete around June of 2025. We also noted that risk assessments are now being performed by the Department, rather than as selfassessments by the subrecipients. As a result of these improvements, we have lowered the type of finding from a Material Weakness to a Significant Deficiency in internal control over compliance, and from Material Non-Compliance to Other Non-Compliance. Criteria §200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the passthrough entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 Management Decision. Effect The lack of internal controls over this compliance requirement provides an opportunity for federal grant noncompliance at the subrecipient level. For monitoring controls to be wholly effective, they must be performed timely. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. There is higher risk of material misstatement, fraud, noncompliance, or errors. Cause The Department had previously not established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements. The Department had experienced staffing turnover during prior years. These causes have since been rectified
Program: Block Grants for Community Mental Health Services Federal Financial Assistance Listing Number: 93.958 Federal Grantor: U.S. Department of Health and Human Services Pass Through: California Department of Health Care Services Award No. and Year: 68-0317191 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all passthrough entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. Condition: The following information was not provided at the time of the subaward for three (3) out of five (5) subawards selected for testing from the HCA’s Block Grants for Community Mental Health Services program • Federal Award Identification Number (FAIN) • Federal award date of award to recipient by the Federal Agency • Identification of whether or not the award is R&D • Indirect cost rate for the Federal award (including if the de-minimus rate is charged) Cause: The HCA’s procedures did not consistently ensure that the required award information and applicable requirements were communicated to the subrecipients at the time of subaward. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements as found in 2 CFR 200.332. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: A nonstatistical sample of three (3) of five (5) subrecipients were sampled. The condition noted above was identified during our procedures related to subrecipient monitoring. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. Views of Responsible Officials: See separately issued Corrective Action Plan.
Program: Homeland Security Grant Program Federal Financial Assistance Listing Number: 97.067 Federal Grantor: U.S. Department of Homeland Security Pass-Through Entity: California Governor’s Office of Emergency Services Award No. and Year: Multiple Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: Title 2 of the U.S. Code of Federal Regulations (CFR), Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), Section 200.332, requires that pass-through entities: • Evaluate the risk of noncompliance with a subaward to determine the appropriate monitoring. • Verify every subrecipient is audited as required by Uniform Guidance, issue management decisions for audit findings, as applicable, and ensure the subrecipient take timely corrective action on all audit findings, as applicable. • Verify whether the subrecipient is suspended, debarred, or otherwise excluded before entering into a covered transaction. Condition: For two (2) out of two (2) subrecipients selected for testing, the subrecipient risk assessments were not performed by the department and the subrecipient was not checked for suspension or debarment prior to entering into the agreement. For one (1) out of two (2) subrecipients selected for testing, evidence could not be provided to verify the County reviewed the subrecipient’s single audit report to ensure timely corrective action was taken on audit findings, as applicable. Cause: Internal controls were not in place to ensure compliance with subrecipient monitoring requirements. Effect: Ineffective controls over this area of compliance could result in noncompliance occurring for a subrecipient and not being detected. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of two (2) subrecipients out of a population of two (2) was selected for testing. Repeat Finding from Prior Years: No Recommendation: We recommend the department enhance internal controls to ensure compliance with subrecipient monitoring requirements Views of Responsible Officials: See separately issued Corrective Action Plan.
U.S. DEPARTMENT OF HOMELAND SECURITY Finding Number 2025-048 Assistance Listing Number and Title 97.067 – Homeland Security Grant Program (HSGP) Compliance Requirement Subrecipient Monitoring State Entity Florida Division of Emergency Management (FDEM) Federal Grant/Contract Number and Grant Year EMW-2021-SS-00056 (2021) Statistically Valid Sample No Finding Type Noncompliance and Significant Deficiency Finding The FDEM did not always evaluate subrecipient risk to determine the appropriate subrecipient monitoring or conduct subrecipient monitoring. Criteria 2 CFR 200.332 – Requirements for pass-through entities – All pass-through entities must evaluate each subrecipient’s fraud risk and risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. The pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals and objectives are achieved. Condition According to FDEM management, subrecipients with subawards funded by the HSGP grant that closed on August 31, 2025, were to be monitored during the 2024-25 fiscal year. According to FDEM, 63 subrecipients with subawards totaling approximately $31.5 million in HSGP funds were monitored during the 2024 25 fiscal year. However, our inquiries of FDEM management and examination of FDEM monitoring records for 7 selected subrecipients disclosed that the FDEM neither evaluated fraud risk or the risk of noncompliance for 2 of the 7 subrecipients nor conducted required monitoring. Cause According to FDEM management, required risk assessment and monitoring activities were not completed due to an administrative oversight. Effect Absent an evaluation of each subrecipient’s fraud risk and risk of noncompliance, and monitoring of all subrecipients based on the results of the risk assessment, the FDEM cannot ensure that subawards are used for authorized purposes in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals and objectives are achieved. Recommendation We recommend that FDEM management enhance controls to ensure that subrecipient monitoring is performed based on an assessment of each subrecipient’s risk in accordance with Federal regulations. State Entity Response We concur. The risk assessment and monitoring activities did not occur for the 2 subrecipients identified. We will enhance internal controls to ensure monitoring is consistently performed and documented.
Condition We selected a non-statistical sample of three subrecipients and noted that the Department did not perform site-visits for two subrecipients as required by the Department’s policy and procedures. Criteria Pursuant to 2 CFR 200.332(d), pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Effect Failure to monitor subrecipients increases the risk that noncompliance at the subrecipient level goes undetected. Cause and View of Responsible Officials Although the Department has established policies and procedures in place over the application process and determination of assistance amount, there was a lack of diligence in complying with the policies and procedures. Recommendation We recommend that program management ensure that program personnel are familiar with all grant requirements, including those specified under the Criteria section above. Additionally, we recommend that the Department diligently comply with its policies and procedures.
Condition We selected a non-statistical sample of three subrecipients and noted that in each case, the Department did not perform required during-the-award monitoring of its subrecipients. In addition, the Department did not verify that that subrecipients were audited if required by 2 CFR Part 200, Subpart F. Criteria Pursuant to 2 CFR 200.332(d), pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pursuant to 2 CFR 200.332(f), pass through entities must verify that subrecipients expected to be audited as required by 2 CFR Part 200, Subpart F, met this requirement. Effect Failure to monitor subrecipient activities or verify that subrecipients have completed their required Single Audits increases the risk that noncompliance at the subrecipient level goes undetected. Cause and View of Responsible Officials The issue occurred during a period of staff transition, during which roles were assumed without the benefit of documented procedures, formal training, or established prior practices. Recommendation We recommend that the Department establish formal written policies and procedures to ensure that the required during-the-award monitoring is performed and the required subrecipient Single Audit reports are obtained and reviewed, including appropriate follow up on any relevant audit findings.
Finding 2025-001 Subrecipients Federal Agency: United States Department of Justice Federal Program: Edward Bryne Memorial Justice Assistance Grant Program Assistance Listing Number: 16.738 Award Identification Number: 2019-YA-BX-K002 Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our audit, we noted that the pre-award risk assessment was not performed until November 2024, subsequent to the subaward being signed with the subawardee. Based on our discussions with management, the process for performing pre-award risk assessment for subrecipients and determining and documenting the appropriate level of ongoing monitoring for subrecipients was implemented in November 2024. We also noted that the Association did not perform the FFATA (Federal Funding Accountability and Transparency Act) reporting requirements. Cause: During 2025, the Association's finance department turned over significantly, resulting in oversight of the compliance requirement. Effect or Potential Effect: The Association could inadvertently engage in relationships with subrecipients of higher risk without the appropriate level of oversight (i.e. monitoring) to ensure subrecipients are expending funds in accordance with the provisions and terms of the subaward. Questioned Costs: None noted. Context: Our audit procedures in this area consisted of substantive testwork over a sample of subrecipient expenditures that were selected based on a defined threshold. We consider our sample to be representative of the populations, and thus, is a statistically valid sample. The issue is deemed to be systemic. Identification as a Repeat Finding, if Applicable: 2024-001 Recommendation: We recommend that the Association strictly adhere to its current subaward policy and ensure the risk assessment procedures over all of its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Association should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels.
Finding Number - 2025-006 Late vendor credits Agency Department of Health & Human Services Federal Program Medicaid Cluster ALN 93.778 Compliance Requirement Cost Principles Type of Finding Internal Control over Compliance / Compliance Category Other Criteria In accordance with the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, 2 CFR §200.305(b)(1) requires that pass-through entities ensure payments to subrecipients are made in a timely manner, generally within a reasonable period after receipt of a valid request for payment. Federal guidance and established administrative practice interpret a reasonable period for purposes of cash management compliance to mean no later than 30 calendar days following receipt of a proper payment request, unless the pass-through entity reasonably determines the request to be improper. This requirement applies regardless of whether the federal award operates on a reimbursement basis and is intended to ensure compliance with federal cash management standards and minimize the time between disbursement of funds and federal reimbursement. Criteria – (continued) For Medicaid program (Assistance Listing 93.778), CMS regulations further require that expenditures claimed for Federal Financial Participation (FFP) be based on actual, incurred, and properly documented costs in accordance with 42 CFR §433.32 and applicable CMS financial management guidance. CMS oversight emphasizes timely payment and proper cash management practices to ensure that expenditures are valid and that federal funds are drawn only for allowable and properly incurred costs. Additionally, 2 CFR §200.332(a) requires pass-through entities to monitor subrecipients and ensure compliance with applicable federal requirements, including adherence to cash management provisions. Condition During testing of subrecipient disbursements, it was noted that six (6) payments included in the sample of 178 were made more than 30 calendar days after the pass-through entity received a valid request for payment from the subrecipient. The delays ranged from 46 to 150 days beyond the regulatory requirement. Item No. Check Date (Voucher id) Invoice Date Audited Amount 1 1/24/2025 00536685 12/4/2024 $ 1,458 2 5/23/2025 00553562 12/23/2024 $ (1,321,563) 3 5/23/2025 00553519 12/23/2024 $ 2,111 4 5/23/2025 00553562 4/1/2025 $ (220,261) 5 7/23/2024 00515301 6/7/2024 $ 5,876 6 7/23/2024 00515303 6/7/2024 $ 8,911 Also, we identified two (2) instances in which vendor credits related to previously issued invoices were not applied to the corresponding invoices until approximately one (1) to three (3) months after the original drawdown was requested. Item No. Invoice number Invoice date Credit amount Drawdown not including credit Date credit return Days 1 RF VITAL 25-003 12/27/2024 $ (1,321,563) 1/13/2025 6/3/2025 -141 2 RF VITAL 25-006 4/10/2025 $ (220,261) 4/28/2025 6/3/2025 -36 Cause The delays in payment were primarily attributable to internal cash management and administrative practices, including the practice of awaiting the receipt of federal funds or internal approvals prior to issuing payment to the subrecipient. These practices were not aligned with the timing requirements established under Uniform Guidance. Management indicated that the Program waits until sufficient positive fund balances are available before processing the return of outstanding credits. As a result, certain credit balances may remain pending until adequate funds are available to complete the reimbursement. This practice may delay the timely return of funds in accordance with applicable requirements. Effect Failure to remit payment to subrecipients within the required 30-day timeframe. Continued noncompliance may increase the risk of: a) Audit findings under the Uniform Guidance, b) Increased federal oversight, c) Potential questioned costs, and d) Strained financial operations for subrecipients due to delayed reimbursement. The delayed application of credits resulted in temporary overstatements of expenditures used to support Federal drawdowns. Although the credits were eventually applied, the timing difference may result in noncompliance with cash management requirements under 2 CFR §200.305, as Federal funds may have been drawn in excess of immediate cash needs. Questioned Costs None Perspective Information This finding was identified during the audit of the Medicaid program (Assistance Listing 93.778) for the fiscal year ended 2025. The payments tested related to expenditures incurred and invoiced by a state agency acting as a subrecipient under an interagency agreement. Although both the pass-through entity and the subrecipient are agencies within the same state government, federal regulations treat them as distinct entities for purposes of cash management compliance. Prior Year Audit Finding This is not a prior year finding Recommendation It is recommended that the pass-through entity strengthens internal controls over subrecipient payments to ensure that all valid requests for payment are processed and paid within the 30-calendar-day timeframe required by 2 CFR §200.305(b)(1). Management should also ensure that payment procedures are not contingent upon the timing of federal drawdowns and that any delays are adequately documented and communicated to the subrecipient. We recommend that management strengthen internal controls over the drawdown process by implementing a formal review procedure to verify that all outstanding vendor credits have been identified and applied prior to submitting a Federal draw request. Views of Responsible Officials and Planned Corrective Actions The PRDH’s management agrees with this finding. Please refer to the corrective action on pages 57-60.
Finding Number: 2025-012 State/Educational Agency(s): Arkansas Department of Commerce – Arkansas Economic Development Commission Pass-Through Entity: Not applicable AL Number(s) and Program Title(s): 21.029 – Coronavirus Capital Project Funds Federal Awarding Agency: U.S. Department of Treasury Federal Award Number(s): CPFFN0186 Federal Award Year(s): 2022 Compliance Requirement(s) Affected: Allowable Cost/Cost Principles Type of Finding: Noncompliance Repeat Finding: Not applicable Criteria: In accordance with 2 CFR § 200.332(b), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward. The following is a partial listing of the information a pass-through entity must provide when available: (1) Federal award identification. (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient’s unique entity identifier (UEI). Condition and Context: ALA reviewed five broadband infrastructure projects totaling $39,789,080, from a total of 20 broadband infrastructure projects totaling $127,227,854, and noted the grant awards had been issued to internet service providers (ISPs) with a unique entity identifier; however, the ISP was not always the entity that would construct and own the broadband network. Several of these ISPs were wholly owned subsidiaries of electric cooperatives, which have a different unique entity identifier. ALA reviewed 247 invoices associated with 15 reimbursement requests and noted 173 invoices totaling $10,793,988 in which the expenses submitted for reimbursement were incurred and paid by the electric cooperative instead of the ISP. ALA also noted 6 instances totaling $3,364,595 in which the reimbursement payments related to these invoices were made to the electric cooperative instead of the ISP. Statistically Valid Sample: Not a statistically valid sample Questioned Costs: None Cause: The Arkansas State Broadband Office (ASBO) did not execute the grant agreements with the party that would have ownership of the broadband network when the project was complete. Effect: Failure to ensure grant agreements are executed with the appropriate subrecipient could lead to the submission of expenses and payments that are improper. Recommendation: ALA staff recommend the Agency ensure the subrecipient in the grant agreement is the party that will construct and own the broadband network when it is complete. Doing so will ensure the subrecipient is able to submit and be reimbursed for expenses incurred and place the liability for completion of the project with the appropriate party. Views of Responsible Officials and Planned Corrective Action: ASBO acknowledges the auditor’s observation regarding the execution of subaward agreements with ISP entities that are wholly owned subsidiaries of electric cooperatives and the related affiliate payment structure. Subaward agreements were executed with legally distinct ISP entities holding unique entity identifiers (UEIs) and responsible for performance under the Capital Projects Fund (CPF) award. In certain instances, affiliated parent entities processed invoice payments as part of established intercompany accounting practices. These arrangements reflected corporate structure and operational efficiencies rather than an intent to shift accountability or bypass program requirements. ASBO notes that no questioned costs were identified and that project deliverables were completed in accordance with the terms of the award. The ISP entities remained responsible for reporting, certification, and compliance under the executed agreements. ASBO recognizes, however, that clearer documentation of intercompany payment flows would strengthen audit traceability and reduce ambiguity regarding which legal entity incurred and paid specific costs. To enhance documentation clarity, ASBO will require subrecipients with affiliated entities to maintain documented intercompany reconciliations where applicable and will update subaward templates to further clarify entity-level responsibility for payment, ownership, and record retention. Internal review procedures will also be reinforced to ensure alignment between invoicing practices and designated subrecipient entities. Anticipated Completion Date: June 30, 2026 Contact Person: Glen Howie State Broadband Director Arkansas State Broadband Office 1 Commerce Way Little Rock, AR 72202 (501) 683-6000 broadband@arkansas.gov
Finding Number: 2025-014 State/Educational Agency(s): Arkansas Department of Commerce – Arkansas Economic Development Commission Pass-Through Entity: Not applicable AL Number(s) and Program Title(s): 21.029 – Coronavirus Capital Project Funds Federal Awarding Agency: U.S. Department of the Treasury Federal Award Number(s): CPFFN0186 Federal Award Year(s): 2022 Compliance Requirement(s) Affected: Matching, Level of Effort, and Earmarking Type of Finding: Noncompliance Repeat Finding: Not applicable Criteria: In accordance with 2 CFR § 200.332(b)(2), a pass-through entity must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes all requirements of the subaward, including requirements imposed by federal statutes, regulations, and the terms and conditions of the federal award. Arkansas State Broadband Office (ASBO) procedures also require any special conditions to be disclosed in the grant agreement. Condition and Context: Federal guidelines do not require cost sharing or matching funds; however, ASBO procedures require a minimum match of 25%. The specific amount of matching required above can vary with each project. A proposed matching amount is submitted by each applicant for a project and evaluated as part of the award process. ASBO did not include the final required matching amount in the grant agreement. Statistically Valid Sample: Not a statistically valid sample Questioned Costs: None Cause: ASBO management did not include required matching amounts in the grant agreement. Effect: Failure to include all significant terms in the grant agreement could result in a subrecipient’s noncompliance due to lack of knowledge and understanding of required responsibilities. Recommendation: ALA staff recommend the Agency include all significant terms (including required matching amounts) in the grant agreement. Views of Responsible Officials and Planned Corrective Action: ASBO acknowledges the auditor’s observation regarding the inclusion of required matching amounts in the executed grant agreements. The Capital Projects Fund (CPF) program does not require cost sharing or matching funds under federal guidance. However, the Arkansas State Broadband Office (ASBO) incorporated a minimum match expectation as part of its state-level program design and evaluation process. Proposed match commitments were submitted by applicants and evaluated during the award process. ASBO recognizes that the final required match amount was not expressly stated in the executed grant agreement. While match expectations were documented during application review and award evaluation, ASBO agrees that explicitly including the finalized match requirement in the executed agreement would provide greater clarity and reduce ambiguity. ASBO notes that no questioned costs were identified in connection with this finding. ASBO will update its grant agreement templates to ensure that any state-imposed matching requirements are explicitly incorporated into the final executed agreement. This enhancement will ensure alignment between program evaluation criteria and formal award documentation going forward. Anticipated Completion Date: June 30, 2026 Contact Person: Glen Howie State Broadband Director Arkansas State Broadband Office 1 Commerce Way Little Rock, AR 72202 (501) 683-6000 broadband@arkansas.gov
Finding Number: 2025-016 State/Educational Agency(s): Arkansas Department of Commerce – Arkansas Economic Development Commission Pass-Through Entity: Not applicable AL Number(s) and Program Title(s): 21.029 – Coronavirus Capital Project Funds Federal Awarding Agency: U.S. Department of the Treasury Federal Award Number(s): CPFFN0186 Federal Award Year(s): 2022 Compliance Requirement(s) Affected: Subrecipient Monitoring Type of Finding: Noncompliance Repeat Finding: Not applicable Criteria: In accordance with 2 CFR § 200.332(e), a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with federal statutes, regulations, and the terms and conditions of the subaward. As outlined in the Uniform Guidance at 2 CFR Part 200, Subpart E regarding Cost Principles, allowable costs must meet the following criteria: (1) be necessary, reasonable, and allocable for the performance of the federal award, (2) be accorded consistent treatment as either a direct cost or indirect cost, and (3) be adequately documented. Condition and Context: The broadband infrastructure grants are for the construction and deployment of broadband infrastructure projects designed to deliver, upon project completion, service that reliably meets or exceeds symmetrical download and upload speeds of 100 Mbps. When construction and deployment are completed, the subrecipient notifies the Arkansas State Broadband Office (ASBO) in writing. ASBO has contracted with a third-party vendor to perform a technical close-out, which involves field visits and the issuance of a letter to confirm the work has been completed in accordance with the grant agreement. ALA reviewed 5 of 20 projects and noted that 1 project reviewed was not properly closed out. The project was completed in October 2024, and a technical close-out letter was issued in December 2024. In October 2025, the subrecipient requested permission to perform equipment upgrades to the network, and the third-party contractor rescinded the close-out letter, allowing additional expenses of $2,096,990 to be submitted for reimbursement. As indicated in the technical close-out letter issued in December 2024, these upgrades were not necessary for completion of the network in accordance with the grant agreement. Once the network has been completed, any further costs incurred are considered maintenance costs and are the responsibility of the subrecipient. Statistically Valid Sample: Not a statistically valid sample Questioned Costs: $2,096,990 Cause: ASBO management did not ensure that only expenses necessary for performance of the federal award were included as allowable costs. Effect: Failure to properly close-out grants in compliance with Agency procedures could result in reimbursement of expenses that are unallowable. Recommendation: ALA staff recommend the Agency follow close-out procedures and ensure maintenance expenses incurred after the completion of the project are not included as allowable costs. Views of Responsible Officials and Planned Corrective Action: ASBO acknowledges the auditor’s observation regarding the sequencing of the technical close-out letter and subsequent expenditures for one project. ASBO respectfully clarifies that a Technical Close-Out Letter reflects that the primary network infrastructure has been constructed and service capability established. It does not necessarily signify final project completion for all eligible cost components under the grant agreement. Project completion for reporting purposes occurs upon final reporting to the U.S. Department of the Treasury. In October 2025, the subrecipient requested approval to perform additional network equipment upgrades using remaining grant funds. ASBO obtained written confirmation from the U.S. Department of the Treasury Senior Federal Program Officer that the identified OLT upgrade constituted an eligible network component necessary to deliver service and was not maintenance. No additional grant funds were awarded for this work; the proposal involved remaining grant balances. It should be noted that as of the date of audit review, no expenses had been incurred related to the proposed upgrade. As such, ASBO does not concur that the identified $2,096,990 represents ongoing maintenance costs or unallowable expenditures. In fact, all reimbursements to date include eligible network build-out costs incurred prior to “technical closeout” but financially processed after that date, or fiber-to-the-home (FTTH) drops. FTTH drops have been an allowable expense in the Arkansas CPF Program following technical closeout yet prior to reporting the project complete to U.S. Treasury. The misclassification of these costs as maintenance appears to stem from an assumption that they were related to the proposed network upgrade, when in actuality, they were not. To avoid ambiguity in future projects, ASBO will formalize procedures clarifying the distinction between technical close-out, formal project completion, and eligible use of remaining funds. Any Treasury-approved scope clarifications or post-close-out adjustments will be formally documented prior to reimbursement to ensure alignment between technical certification and financial reporting. Anticipated Completion Date: June 30, 2026 Contact Person: Glen Howie State Broadband Director Arkansas State Broadband Office 1 Commerce Way Little Rock, AR 72202 (501) 683-6000 broadband@arkansas.gov
Finding Number: 2025-017 State/Educational Agency(s): Arkansas Department of Commerce – Arkansas Economic Development Commission Pass-Through Entity: Not applicable AL Number(s) and Program Title(s): 21.029 – Coronavirus Capital Project Funds Federal Awarding Agency: U.S. Department of the Treasury Federal Award Number(s): CPFFN0186 Federal Award Year(s): 2022 Compliance Requirement(s) Affected: Subrecipient Monitoring Type of Finding: Noncompliance Repeat Finding: Not applicable Criteria: In accordance with 2 CFR § 200.332(e), a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with federal statutes, regulations, and the terms and conditions of the subaward. Condition and Context: Arkansas State Broadband Office (ASBO) procedures require subrecipients to maintain an irrevocable standby letter of credit equal to 100% of the grant award amount disbursed. The irrevocable standby letter of credit must be accompanied by an opinion letter from the subrecipient’s legal counsel stating the letter of credit and its proceeds will not be subject to a Chapter 11 bankruptcy proceeding. The letter of credit must remain in place until the project is completed. In lieu of a letter of credit, the subrecipient may furnish a performance bond in an amount equal to the grant award. ALA reviewed 5 of 20 projects to determine if the letter of credit or performance bond for the appropriate amount was properly maintained by the subrecipient. ALA noted that a letter of credit was not maintained for the required amount for 1 of the 5 projects reviewed. Statistically Valid Sample: Not a statistically valid sample Questioned Costs: None Cause: ASBO management did not adequately monitor subrecipients to ensure compliance with letter of credit requirements. Effect: Failure to properly monitor subrecipients could result in noncompliance with federal laws and regulations. Recommendation: ALA staff recommend the Agency ensure subrecipients maintain a letter of credit in accordance with ASBO requirements. Views of Responsible Officials and Planned Corrective Action: ASBO acknowledges the auditor’s observation that, for one project reviewed, the required irrevocable standby letter of credit was not maintained at the full amount required under ASBO procedures. ASBO recognizes that ongoing monitoring of letter of credit requirements is an important safeguard to ensure subrecipient compliance and protect program funds. No questioned costs were identified in connection with this matter. ASBO has implemented enhanced monitoring procedures to verify and document that required letters of credit or performance bonds are maintained at the appropriate level throughout the project period. This includes periodic verification and documented review to ensure continued compliance with program requirements. Anticipated Completion Date: June 30, 2026 Contact Person: Glen Howie State Broadband Director Arkansas State Broadband Office 1 Commerce Way Little Rock, AR 72202 (501) 683-6000 broadband@arkansas.gov
Finding 2025-005: CDBG Subrecipient Monitoring At Metro Government’s Office of Housing and Community Development (“OHCD”) Needs Improvement Federal Program: ALN 14.218 Community Development Block/Entitlement Grants Name of Federal Agency: U.S. Department of Housing and Urban Development Award Identification Number and Year: B-21-MC-21-0008, B-22-MC-21-0008, B-20-MC-21-0008, B-18-MC-0008, B-23-MC-21-0008, and B-24-MC-211-008 Name of pass-through entity: N/A COVID Identification: No Amount of Questioned Costs: N/A Compliance Requirement: Subrecipient monitoring Criteria:The Metro Government Subrecipient Management Policy Manual states, “Title 2 CFR 200.332 requires all pass-through entities to evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward to determine the appropriate monitoring needed to ensure Federal funds are used properly. Passthrough entities are not required to complete a risk assessment on contractors. Metro agencies must complete risk assessments on all subrecipients no less than annually.” 2 CFR 200.332(c) states, “Evaluate each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraph (f) of this section. When evaluating a subrecipient’s risk, a pass-through entity should consider the following: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits. This includes considering whether or not the subrecipient receives a Single Audit in accordance with subpart F and the extent to which the same or similar subawards have been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of any Federal agency monitoring (for example, if the subrecipient also received Federal awards directly from the Federal agency).” Condition: During FY 2025, a total of $9,780,961 in CDBG funds were distributed to 21 subrecipients by Metro Government. Monitoring these subrecipients was conducted by two offices. The Office of Social Services (“OSS”) monitored 11 subrecipients totaling $5,306,082. The Office of Housing and Community Development (“OHCD”) was responsible for monitoring 10 subrecipients totaling $4,474,879. OSS is responsible for monitoring the subrecipients that have subawards for CDBG operating and service projects. OSS completes the following procedures when monitoring their subrecipients: completing a risk assessment spreadsheet, maintaining a historic log documenting the dates of when each subrecipient was monitored, and desk reviews and/or site visits. High risk subrecipients are monitored more frequently compared to those assessed at a lower risk. Subrecipients are required to be monitored at least once every three years. The OHCD is responsible for monitoring subrecipients that have subawards for CDBG capital projects. OHCD conducts informal, undocumented risk assessments of subrecipients. No site visits were conducted in fiscal year 2025. Effect: The OHCD did not adequately monitor its subrecipients during fiscal year 2025. Cause: The OHCD did not have a designated individual responsible for subrecipient monitoring during fiscal year 2025. Recommendation: We recommend the OHCD adopt the procedures and documentation practices established by OSS. Specifically, this includes conducting site visits, assessing each subrecipient’s risk of noncompliance, performing desk reviews and site visits, and maintaining comprehensive documentation of risk assessment and monitoring activities.
Finding #2025-001: #84.048 -Career and Technical Education - Basic Grants to States Federal Grantor Agency: U.S. Department of Education Compliance Requirement: Subrecipient Monitoring Condition: During our audit procedures, we noted that the District does not have formal, written procedures governing subrecipient monitoring. Although the District reviews supporting documentation—such as invoices—submitted by subrecipient schools prior to submitting claims to the Department of Public Instruction (DPI), these practices are not documented in an established policy or procedure. Criteria: Uniform Guidance (2 CFR 200.331–200.332) requires pass-through entities to establish and implement written procedures for monitoring subrecipients to ensure compliance with federal program requirements and achievement of performance goals. Cause: The District has not developed or implemented formal written policies and procedures for subrecipient monitoring. Effect: In the absence of formalized procedures, the District’s monitoring practices may be applied inconsistently, increasing the risk of unallowable costs, noncompliance with federal requirements, or misunderstandings between the District and its subrecipients. This could lead to questioned costs or administrative issues during oversight by DPI or other regulatory bodies. Recommendation: We recommend that the District develop and adopt formal written procedures outlining its subrecipient monitoring activities. These procedures should clearly describe monitoring responsibilities, required documentation, review steps, communication expectations, and follow-up actions. Implementing a formalized process will help ensure consistent oversight and compliance with federal regulations. Grantee Response: The District will develop and implement written procedures that outline the required monitoring steps, documentation standards, communication protocols, and follow-up expectations for subrecipient oversight. These procedures will align with the requirements of Uniform Guidance and DPI expectations.